systemd requires HTTP server and serves QR codes

Simo Sorce simo at redhat.com
Wed Oct 10 14:15:37 UTC 2012


On Wed, 2012-10-10 at 13:58 +0200, Lennart Poettering wrote:
> On Tue, 09.10.12 21:26, Matthew Miller (mattdm at fedoraproject.org) wrote:
> 
> > On Tue, Oct 09, 2012 at 05:19:59PM -0700, J. Randall Owens wrote:
> > > Just on the naming, I'd rather steer clear of the actual concept, let me
> > > get this straight: You want a group called "adm", presumably short for
> > > "administrator", the point of which is that it can view system things,
> > > but not actually *administer* them?  Why on Earth call it "adm"?
> > 
> > The group is already there, so it's not a big stretch, but I agree the
> > naming is confusing when used in this way. ("wheel" isn't exactly
> > straightforward either, but at least it's Traditional.)
> 
> As I already mentioned: "adm" has been around for along time, and has
> been used in this context in Debian since about forever. We just adopted
> the same logic in systemd that already made sense on Debian for a long
> time.

It's very nice that debian uses this concept, but Fedora doesn't and had
stricter policies. Can you explain the rationale for relaxing them (esp.
wrt /var/log/secure aka authpriv.* messages)

> In systemd we try to unify Linux a bit, part of that is to take
> influences and be inspired by the various distros around. In this case
> the Debian way made most sense to us, so we made it the default in
> systemd, too.

Except this is a regression in the security model IMHO.

Note I am not saying it must not be done, but I want to understand if
there is any value on it or you just picked it 'because Debian'.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the devel mailing list