On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote: > ❦ 3 décembre 2014 13:55 +0100, Adam Borowski <kilob...@angband.pl> : > > >> In both cases (systemd-sysv or systemd-shim), ACLs should be correctly > >> set for the current user. > >> > >> This “adduser first-user audio” was already useless in squeeze and it > >> hasn’t changed. > > > > Only if you run logind or consolekit. Without them (ie, on headless boxes > > or with classic-type WMs) you do need to access the devices which are mode > > 660 root:audio. > > A classic-type WM can make use of logind to get the appropriate ACL > setup. > > The problem with those groups is that they are not fine grained > enough. For example, the video group gives access to the framebuffer > device (the user can do a screenshot) or to a webcam (the user can spy > another user). By encouraging the use of those groups, we create big > security hole.
If more granularity is needed, what's hindering introduction of even more groups: like an image group and splitting the fb0 to more devices? Or even subdirectories like /dev/snd/* for audio etc. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1417617989.3453.34.ca...@g3620.my.own.domain
