Mikkel L. Ellertson wrote:
I'm arguing that whether you have access to those devices should depend
on who you are, not where you are, just like every other unix operation
checks pre-established settings for user and group values against
pre-established settings on every file and device when opening them. It
shouldn't be determined by whether you are able to touch a certain
keyboard.
It adds one more level of control. Instead of a user being able to
access a device from anywhere, you can limit access to when they are
actually at the machine.
But the 'console' isn't something special in a multiuser system.
Personally, I do almost all Linux work through NX/freenx, remote X, or
ssh connections. I may be near enough to want to use speakers or CD
devices but not using the attached keyboard - if there is one.
Just like you can do for running some
programs. If you only run servers, then it is probably not useful to
you.
There is not a clear line between a server and a desktop. For me, the
'desktop' may only be running X or NX.
> For desktop users, it can be very useful. It can also be a
security measure.
If you throw away the concepts of remote access and multiuser operation.
For example, You may want to set it up so the user
that is syncing their PDA is the only one that can access it.
Because they have to be at the local console to use the sync cradle,
you limit the access to the local user.
Like I said, I may be 'near' a machine but not using its keyboard.
There are a lot of resources that were not available in the original
UNIX systems, or were not usable by a normal user, that users
commonly use today. Because of this, Linux handles some resources in
ways that user/group permission are nto the best choice. Arguments
that boil down to "it has always been done that way" are not going
to cut it.
It's not _just_ that it has always been done that way - it was done that
way for good reasons and it doesn't make much sense to dumb down an
elegant system designed for multiuser and network access and pretend it
can only be accessed for certain things if you happen to be typing at a
certain keyboard. As an _option_ that you could active if you happen to
have that sort of situation and don't care about network/remote access
it would make sense, but it is throwing away a lot to pretend that it is
only designed to be used from one special device and make the other
things break by default.
--
Les Mikesell
lesmikesell@xxxxxxxxx
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list