Re: Users and Groups

Les Mikesell wrote:
> Mikkel L. Ellertson wrote:
> 
>>> If you log in or su to root, the black magic permission changing where
>>> the system guesses that a user touching the keyboard should own nearby
>>> devices doesn't matter anyway.
>>>
>> What guessing? Why should it not matter who is logged into the local
>> console? Or are you arguing that on a normal desktop system, a
>> remote user should have access to things like sound, and the
>> built-in video?
> 
> I'm arguing that whether you have access to those devices should depend
> on who you are, not where you are, just like every other unix operation
> checks pre-established settings for user and group values against
> pre-established settings on every file and device when opening them.  It
> shouldn't be determined by whether you are able to touch a certain
> keyboard.
> 
It adds one more level of control. Instead of a user being able to
access a device from anywhere, you can limit access to when they are
actually at the machine. Just like you can do for running some
programs. If you only run servers, then it is probably not useful to
you. For desktop users, it can be very useful. It can also be a
security measure. For example, you may want to set it up so the user
that is syncing their PDA is the only one that can access it.
Because they have to be at the local console to use the sync cradle,
you limit the access to the local user. (Network syncing a PDA is
outside the scope of this - most users are not going to be doing
this.) User A can sync his PDA when he is using the machine locally,
but user B can not access it remotely. But user B can sync his PDA
when he is logged in locally at the same machine. Kind of like why
each user has their own user name and password, instead of everyone
sharing one.

There are a lot of resources that were not available in the original
UNIX systems, or were not usable by a normal user, that users
commonly use today. Because of this, Linux handles some resources in
ways that user/group permissions are not the best choice. Arguments
that boil down to "it has always been done that way" are not going
to cut it.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!
