[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: group nvram

Marco d'Itri wrote:
> On Mar 17, Stephen Gran <sgran@debian.org> wrote:
>> That's the first I've heard that argument - of course you don't give
> This is weird, because it has been around for quite a long time.
> E.g. cp /bin/bash .; chgrp audio bash; chmod g+s bash

This argument makes as much sense as
cp /bin/bash .; chgrp md bash; chmod g+s bash
Either you're member of a group, then you're allowed to mess with the rights of
the group, or you're not.

>> untrusted users access to hardware, but we've always managed access to
>> devices with group membership (lp, dialout, etc).  Are you proposing
>> that should change?
> The rest of the Linux world is:
> http://dualstack.ipv6-exp.l.google.com/search?q=policykit .

Which means I need to run some weird agent to be able to access my printer,
serial ports and similar devices? <irony>That makes so much sense...</irony>.
Please do not try to change common and working things, just because somebody
thinks there's a fance new piece of code which could handle it better. Remember,
there're small machines with limited memory running Debian, where you neither
want to waste memory with an agent nor you want to run everything as root.

The idea behind policykit is not bad, but it should be introduced with care and
not by breaking well working ways of handling access.

 Bernd Zeimetz                           Debian GNU/Linux Developer
 GPG Fingerprint: 06C8 C9A2 EAAD E37E 5B2C BE93 067A AD04 C93B FF79

Reply to: