[LAD] [ANNOUNCE] Safe real-time on the desktop by default; Desktop/audio RT developers, read this!

Lennart Poettering mzynq at 0pointer.de
Mon Jun 22 12:46:51 UTC 2009

On Mon, 22.06.09 09:33, Arnold Krille (arnold at arnoldarts.de) wrote:

> On Monday 22 June 2009 02:09:36 Lennart Poettering wrote:
> > Doing authorization via groups is broken,
> What??? Did you ever do administration for more then one computer??? 
> Authorization by groups is _the only_ way to go if you have more then one user 
> to authorize for anything.
> If you don't agree ask firms with intranets and net-wide authorization, look at 
> yp/nis/ldap/Active Directory.

Please read up on PoliyKit. What it does, and why it has been

You practically cannot take group membership away from a user after
you gave it to him, and also adding a seperate group for every tiny
bit you need to authorize access to doesn't scale.

> > since practically you can
> > never take group membership away.
> Yes, you can. Just remove the person from a group and the next time the groups 
> are checked for that user, the rights are gone.

Except that this doesn't work.



Lennart Poettering                        Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/           GnuPG 0x1A015CC4

More information about the Linux-audio-dev mailing list