Re: Users and Groups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mikkel L. Ellertson wrote:

I'm arguing that whether you have access to those devices should depend
on who you are, not where you are, just like every other unix operation
checks pre-established settings for user and group values against
pre-established settings on every file and device when opening them.  It
shouldn't be determined by whether you are able to touch a certain
keyboard.

It adds one more level of control. Instead of a user being able to
access a device from anywhere, you can limit access to when they are
actually at the machine.

But the 'console' isn't something special in a multiuser system. Personally, I do almost all Linux work through NX/freenx, remote X, or ssh connections. I may be near enough to want to use speakers or CD devices but not using the attached keyboard - if there is one.

Just like you can do for running some
programs. If you only run servers, then it is probably not useful to
you.

There is not a clear line between a server and a desktop. For me, the 'desktop' may only be running X or NX.

> For desktop users, it can be very useful. It can also be a
security measure.

If you throw away the concepts of remote access and multiuser operation.

For example, You may want to set it up so the user
that is syncing their PDA is the only one that can access it.
Because they have to be at the local console to use the sync cradle,
you limit the access to the local user.

Like I said, I may be 'near' a machine but not using its keyboard.

There are a lot of resources that were not available in the original
UNIX systems, or were not usable by a normal user, that users
commonly use today. Because of this, Linux handles some resources in
ways that user/group permission are nto the best choice. Arguments
that boil down to "it has always been done that way" are not going
to cut it.

It's not _just_ that it has always been done that way - it was done that way for good reasons and it doesn't make much sense to dumb down an elegant system designed for multiuser and network access and pretend it can only be accessed for certain things if you happen to be typing at a certain keyboard. As an _option_ that you could active if you happen to have that sort of situation and don't care about network/remote access it would make sense, but it is throwing away a lot to pretend that it is only designed to be used from one special device and make the other things break by default.

--
  Les Mikesell
   lesmikesell@xxxxxxxxx

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux