Re: group nvram

On Wednesday 18 March 2009 at 19:13 +0100, Marco d'Itri wrote:
>     fuse (I have no idea about how FUSE works)

Then why break it? It’s very useful to be able to restrict the list of
users allowed to use it.

OTOH, given how it works, it would be really useful to make it use D-Bus
so that we’d have more flexibility with permissions (but keeping a group
around would be better anyway).

>     rdma (infiniband devices)

The security implications of accessing a RDMA device are far from
trivial, so the same reasoning applies. You need to be able to lock down
the device to a class of users, and Unix groups are currently the
simplest approach.

> The other major reason to do this is that non-standard groups which are
> not in /etc/groups break some systems which use LDAP.

The idea was once thrown around to prefix all system groups with “Debian-”.
This solves this specific problem in a much better way.

 .''`.      Debian 5.0 "Lenny" has been released!
: :' :
`. `'   Last night, Darth Vader came down from planet Vulcan and told
  `-    me that if you don't install Lenny, he'd melt your brain.
