Hi, Ivan Shmakov: > I agree that the issue gets trickier for multiuser hosts, but > I’m pretty sure that there still will be at least one user for > whom no such access restrictions should apply, – irrespective of > his or her “login locality.” > The access groups are still available if you want or need them.
But on a multi-user system, we can't depend on the first user being any sort of special owner; it might just as well be the person whose desk the machine is hidden under, but that doesn't give them any special rights to the machine's peripherals when a colleague is using it. This gets even more complicated on multi-seat machines: just how many audio groups do you want to create? The default should be safe. Having a special user who gets access no matter how they log in (or even if they are no longer logged in but just leane a daemon running), just because this happened to be the first user added to the system, is not. -- -- Matthias Urlichs
signature.asc
Description: Digital signature
