Lindsay Haisley <fmouse-gentoo fmp.com> posted
1193028074.25192.11.camel vishnu.fmp.com, excerpted below, on Sun, 21 Oct
2007 23:41:14 -0500:

> It should be pointed out that Gentoo already has something very close to
> what I'm suggesting here. /etc/login.defs has a setting,
> CONSOLE_GROUPS, which defines the "groups to add to the user's
> supplementary group set when logging in on the console". The default,
> reasonably, is to add no groups, but uncommenting the setting in this
> file adds groups floppy, audio and cdrom.
>
> Rather than describing this as a "very Bad Thing" the comments in the
> file simply instruct the sysadmin to "Use with caution".

... And I agree with it at that level... because it's not the default. A
warning to the sysadmin to "use with caution" is then enough. If they
decide to use it (which I agree can be reasonable on a single-human-user
desktop system, IIRC I have my regular user in plugdev here) and end up
screwed as a result, well, it's very likely their own fault. (The "very
likely" qualifier added to match the case where a distribution and/or
upstream were unreasonably slow on updating after a remotely exploitable
security vuln in related software is made known to them, but they did
nothing, including failing to publish the vuln, thus letting the admin
know and putting responsibility on him once again, for continuing to use
software with known remote exploits either ignoring or not following the
given warnings.)

> Unfortunately, this setting won't work with Hal and plugdev, which
> relies entirely on reading /etc/group.

So hal wants the user to be permanently registered for plugdev, as
opposed to simply added based on console login.

FWIW, console-based perms (as with pam and /etc/security/console.perms,
when it used to default to active) never worked right here, anyway, due
to the way I use the system. Most of the time when I'm logged in to X,
it's not considered a console login, because I log in at the text
terminal, then run a script that starts X and KDE, waits a few seconds,
and logs me out at the console. This always resulted in all sorts of
stuff including sound seldom working right, since it would be active
while I was logged in at the text console, but I was logged out of it
most of the time when I was in X/KDE. I ended up setting permissions and
groups such that my user had general access to sound and whatever other
devices, regardless of console login status, because the system seemed to
think I was logged out most of the time.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."
Richard Stallman
--
gentoo-desktop gentoo.org mailing list
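
The thread above contrasts groups granted only at console login (CONSOLE_GROUPS in /etc/login.defs) with permanent membership recorded in /etc/group. The following is an added example, not part of the original post or of any Gentoo tool: a small audit that reports, per device group, which of the two mechanisms is in effect. The function names, the sample file contents and the user names alice and bob are constructed for illustration.

```python
# Added example. Sample data is constructed; helper names are hypothetical.
# Only supplementary membership in /etc/group is examined; a user whose
# primary GID (in /etc/passwd) is a device group is not covered here.
DEVICE_GROUPS = {"floppy", "audio", "cdrom", "plugdev"}

SAMPLE_LOGIN_DEFS = """\
# Use with caution
#CONSOLE_GROUPS  floppy:audio:cdrom:games
CONSOLE_GROUPS   floppy:audio:cdrom
"""

SAMPLE_GROUP = """\
root:x:0:
floppy:x:11:
audio:x:18:alice
cdrom:x:19:
plugdev:x:440:alice,bob
"""

def console_groups(login_defs_text):
    """Groups named by an uncommented CONSOLE_GROUPS line (colon-separated)."""
    groups = set()
    for line in login_defs_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "CONSOLE_GROUPS":
            groups.update(g for g in fields[1].split(":") if g)
    return groups

def permanent_members(group_text):
    """Map group name -> users listed in the fourth field of /etc/group."""
    members = {}
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) == 4:
            members[parts[0]] = {u for u in parts[3].split(",") if u}
    return members

def audit(login_defs_text, group_text, device_groups=DEVICE_GROUPS):
    """Per device group: is access console-only, and who holds it permanently?"""
    console = console_groups(login_defs_text)
    perm = permanent_members(group_text)
    return {
        g: {"console_only": g in console and not perm.get(g),
            "permanent_users": sorted(perm.get(g, set()))}
        for g in sorted(device_groups)
    }

if __name__ == "__main__":
    for group, info in audit(SAMPLE_LOGIN_DEFS, SAMPLE_GROUP).items():
        print(group, info)
```

To audit a real system, pass the contents of /etc/login.defs and /etc/group instead of the sample strings.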