On Wed, 2012-10-10 at 13:58 +0200, Lennart Poettering wrote:
> On Tue, 09.10.12 21:26, Matthew Miller (mattdm@xxxxxxxxxxxxxxxxx) wrote:
>
> > On Tue, Oct 09, 2012 at 05:19:59PM -0700, J. Randall Owens wrote:
> > > Just on the naming, I'd rather steer clear of the actual concept, let me
> > > get this straight: You want a group called "adm", presumably short for
> > > "administrator", the point of which is that it can view system things,
> > > but not actually *administer* them? Why on Earth call it "adm"?
> >
> > The group is already there, so it's not a big stretch, but I agree the
> > naming is confusing when used in this way. ("wheel" isn't exactly
> > straightforward either, but at least it's Traditional.)
>
> As I already mentioned: "adm" has been around for along time, and has
> been used in this context in Debian since about forever. We just adopted
> the same logic in systemd that already made sense on Debian for a long
> time.
It's very nice that debian uses this concept, but Fedora doesn't and had
stricter policies. Can you explain the rationale for relaxing them (esp.
wrt /var/log/secure aka authpriv.* messages)
> In systemd we try to unify Linux a bit, part of that is to take
> influences and be inspired by the various distros around. In this case
> the Debian way made most sense to us, so we made it the default in
> systemd, too.
Except this is a regression in the security model IMHO.
Note I am not saying it must not be done, but I want to understand if
there is any value on it or you just picked it 'because Debian'.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
