On Wed, 2014-12-03 at 16:55 +0000, Simon McVittie wrote: > On 03/12/14 14:46, Svante Signell wrote: > > On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote: > >> The problem with those groups is that they are not fine grained > >> enough. > > > > If more granularity is needed, what's hindering introduction of even > > more groups: like an image group and splitting the fb0 to more devices? > > Or even subdirectories like /dev/snd/* for audio etc. > > This does not actually solve the same problem as logind's "uaccess", or > ConsoleKit's "udev ACL" (which was an older version of the same general > idea): it just splits it up into a larger number of orthogonal instances > of the same problem, which is that group membership makes a poor > encoding for temporary permissions.
Have you ever heard about openafs? Additionally, I seriously think that much can be done by following the ancient Unix utmp/wtmp track, e.g. as a start checking and limiting who is allowed to write to that file. Yes, I've read the manpage. Anyway, it was developed for a reason, right? -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/1417814020.3453.111.ca...@g3620.my.own.domain
