On Mon, 22.06.09 09:33, Arnold Krille (arnold@email-addr-hidden) wrote:
> On Monday 22 June 2009 02:09:36 Lennart Poettering wrote:
> > Doing authorization via groups is broken,
>
> What??? Did you ever do administration for more then one computer???
> Authorization by groups is _the only_ way to go if you have more then one user
> to authorize for anything.
> If you don't agree ask firms with intranets and net-wide authorization, look at
> yp/nis/ldap/Active Directory.
Please read up on PoliyKit. What it does, and why it has been
introduced.
You practically cannot take group membership away from a user after
you gave it to him, and also adding a seperate group for every tiny
bit you need to authorize access to doesn't scale.
> > since practically you can
> > never take group membership away.
>
> Yes, you can. Just remove the person from a group and the next time the groups
> are checked for that user, the rights are gone.
Except that this doesn't work.
http://hal.freedesktop.org/docs/PolicyKit/intro-define-problem.html
Lennart
-- Lennart Poettering Red Hat, Inc. lennart [at] poettering [dot] net http://0pointer.net/lennart/ GnuPG 0x1A015CC4 _______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@email-addr-hidden http://lists.linuxaudio.org/mailman/listinfo/linux-audio-devReceived on Mon Jun 22 16:15:02 2009
This archive was generated by hypermail 2.1.8 : Mon Jun 22 2009 - 16:15:02 EEST