Re: Embarrassing security bug in systemd
On Fri, Dec 08, 2017 at 10:17:36AM +0100, Menelaos Maglis wrote:
>
> It is an improvement to have a consistent (central) way to configure
> this behavior.
>
> It is probably a "good thing" to allow users with physical access to
> reboot/shutdown a desktop/laptop system.
>
> It is probably not a preferred solution for a multi-user/server system.
>
It is a definitely a bad thing to silently change/break an existing
configuration.
That is really the problem that I have with this while issue that was
brought up. I get that it is a "sensible" default to allow users on the
console (TTY or via DM) permission to reboot the machine. However, when
an admin has configured the system to disallow that sort of thing, it is
frustrating to have a new thing come along and not respect the
configuration. It is even more frustrating when the fact that the new
thing ignores the configuration is not even documented where one would
expect it (i.e., the Debian release notes in this case).
Regards,
-Roberto
--
Roberto C. Sánchez
Reply to: