On Wednesday 04 March 2009 at 17:55 +0100, Petter Reinholdtsen wrote:
> Personally, I believe adding users to these groups at install time is
> the wrong approach, and believe the only scalable way to handle this
> is with policykit like features. Then the group membership is handled
> dynamically at login time, and every console user gets the expected
> privileges.

ConsoleKit and PolicyKit cannot solve all use cases unless the whole
stack is updated. This works very nicely for things like HAL: the device
is handled purely by the process running as root, and the ability to
talk to this process is controlled by the console access. However, for
e.g. audio access this cannot work unless all audio playback goes
through a process running as a privileged user. With the current APIs,
users need to be able to access the devices directly, and these are
privileges you cannot revoke.

> > In short....the first created user *should* be in powerdev. If it is
> > not....then there's a bug in user-setup (or somewhere else...).
>
> I believe this code should be dropped from d-i, and policykit related
> packages using pam_group should be installed instead.

Using things like pam_console or pam_group should not become our default
policy, unless we at least ensure /home, /var and /tmp are mounted
nosuid – and it would be better with the ability to revoke the
permissions on the open devices as well.

There is ongoing work in the kernel to finally add session support in
it, so maybe something good will come out of it, but otherwise this is
still the same mess.

Cheers,
-- 
 .''`.      Debian 5.0 "Lenny" has been released!
: :' :
`. `'   Last night, Darth Vader came down from planet Vulcan and told
  `-    me that if you don't install Lenny, he'd melt your brain.
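The nosuid condition on /home, /var and /tmp named in the message can be checked against the mount table. The script below is an added example, not part of the original message; its function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that directories are covered by a nosuid mount.
# Input uses the /proc/mounts layout: device mountpoint fstype options dump pass.

# covering_mount MOUNTS_FILE DIR: print "mountpoint options" of the mount that
# covers DIR (longest mount-point prefix; on a tie the later entry is on top).
covering_mount() {
    awk -v dir="$2" '
        $2 == dir || $2 == "/" || index(dir, $2 "/") == 1 {
            if (length($2) >= length(best)) { best = $2; opts = $4 }
        }
        END { if (best != "") print best, opts }
    ' "$1"
}

# is_nosuid MOUNTS_FILE DIR: succeed only if the covering mount has nosuid.
is_nosuid() {
    opts=$(covering_mount "$1" "$2" | awk '{ print $2 }')
    case ",$opts," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_nosuid MOUNTS_FILE DIR...: report each DIR, fail if any lacks nosuid.
audit_nosuid() {
    mounts=$1; shift
    rc=0
    for d in "$@"; do
        if is_nosuid "$mounts" "$d"; then
            echo "ok       $d"
        else
            echo "MISSING  $d (covered by: $(covering_mount "$mounts" "$d"))"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample (not from a real system): /tmp is nosuid, /home is a
# separate mount without it, and /var has no mount of its own so / decides.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
/dev/sda2 /home ext3 rw,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF
audit_nosuid "$SAMPLE" /home /var /tmp || echo "nosuid is not enforced everywhere"
```

On a live system, pass /proc/mounts as the first argument instead of the sample file.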