systemd requires HTTP server and serves QR codes

J. Randall Owens jrowens.fedora at ghiapet.net
Wed Oct 10 00:19:59 UTC 2012


On 10/09/2012 11:34 AM, Lennart Poettering wrote:
> On Tue, 09.10.12 14:26, Simo Sorce (simo at redhat.com) wrote:
> 
>> On Tue, 2012-10-09 at 20:17 +0200, Lennart Poettering wrote:
>>> Well, we could of course add this as ACL, but I wonder if it wouldn't be
>>> nicer to declare that "adm" is for seeing, and "wheel" for doing as I
>>> suggested above.
>>>
>> What's the point of 2 different groups ?
>>
>> We have filesystem permissions to determine what a user/group can do,
>> plus we have selinux on top to enforce in a different way some of these
>> policies.
>>
>> What do 2 different groups give you besides confusion ?
> 
> Safety? Robustness?
> 
> For example, by adding people to "adm" you can allow them to monitor
> machines, but when something happens and they want to do things they'd
> have to go through "sudo" or "su", thus adding a psychological barrier
> so that they don't break things... That means they can watch the machine
> just fine, but "rm -rf /" when doing that will have no effect. But they
> still can do privileged things if they feel the need to, after auth.

Just on the naming (I'd rather steer clear of the actual concept), let me
get this straight: You want a group called "adm", presumably short for
"administrator", the point of which is that it can view system things,
but not actually *administer* them?  Why on Earth call it "adm"?

-- 
J. Randall Owens | http://www.ghiapet.net/


