❦ 3 décembre 2014 13:55 +0100, Adam Borowski <kilobyte@angband.pl> :
>> In both cases (systemd-sysv or systemd-shim), ACLs should be correctly
>> set for the current user.
>>
>> This “adduser first-user audio” was already useless in squeeze and it
>> hasn’t changed.
>
> Only if you run logind or consolekit. Without them (ie, on headless boxes
> or with classic-type WMs) you do need to access the devices which are mode
> 660 root:audio.
A classic-type WM can make use of logind to get the appropriate ACL
setup.
The problem with those groups is that they are not fine grained
enough. For example, the video group gives access to the framebuffer
device (the user can do a screenshot) or to a webcam (the user can spy
another user). By encouraging the use of those groups, we create big
security hole.
logind is far better from a security point of view. This doesn't prevent
the user to use groups if they want to.
--
panic("Foooooooood fight!");
2.2.16 /usr/src/linux/drivers/scsi/aha1542.c
Attachment:
signature.asc
Description: PGP signature