[LAD] [ANNOUNCE] Safe real-time on the desktop by default; Desktop/audio RT developers, read this!
Lennart Poettering
mzynq at 0pointer.de
Mon Jun 22 12:46:51 UTC 2009
On Mon, 22.06.09 09:33, Arnold Krille (arnold at arnoldarts.de) wrote:
> On Monday 22 June 2009 02:09:36 Lennart Poettering wrote:
> > Doing authorization via groups is broken,
>
> What??? Did you ever do administration for more then one computer???
> Authorization by groups is _the only_ way to go if you have more then one user
> to authorize for anything.
> If you don't agree ask firms with intranets and net-wide authorization, look at
> yp/nis/ldap/Active Directory.
Please read up on PoliyKit. What it does, and why it has been
introduced.
You practically cannot take group membership away from a user after
you gave it to him, and also adding a seperate group for every tiny
bit you need to authorize access to doesn't scale.
> > since practically you can
> > never take group membership away.
>
> Yes, you can. Just remove the person from a group and the next time the groups
> are checked for that user, the rights are gone.
Except that this doesn't work.
http://hal.freedesktop.org/docs/PolicyKit/intro-define-problem.html
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/ GnuPG 0x1A015CC4
More information about the Linux-audio-dev
mailing list