| 1 |
Lindsay Haisley <fmouse-gentoo@×××.com> posted |
| 2 |
1192899794.10036.59.camel@××××××××××.com, excerpted below, on Sat, 20 Oct |
| 3 |
2007 12:03:14 -0500: |
| 4 |
|
| 5 |
> On Sat, 2007-10-20 at 04:32 +0000, Duncan wrote: |
| 6 |
>> > It would be a Good Thing if new local accounts could be added to |
| 7 |
>> > group plugdev when they're created. |
| 8 |
|
| 9 |
For a moment there, I was rather confused, as I knew I certainly didn't |
| 10 |
write what plainly looked to be attributed to me... I know it's hard to |
| 11 |
get the attributions right when your first comment is on something down |
| 12 |
the way a bit (I often find myself saying... there otta be a way), but at |
| 13 |
least put in a "[quoting a previous post]" or something, so stuff doesn't |
| 14 |
look so confusingly attributed to the wrong people. |
| 15 |
|
| 16 |
> This is mostly just wishful thinking. There are a number of groups that |
| 17 |
> a desktop user should be added to, depending on what's to be done with |
| 18 |
> the system. I quite agree with you in general on the security issue, |
| 19 |
> when I think about it, but not if the box is a single-user desktop |
| 20 |
> system. |
| 21 |
|
| 22 |
I'll admit there are certainly ways to make the management thereof |
| 23 |
easier. OTOH, Gentoo is very deliberately not aimed toward those who |
| 24 |
need a huge amount of hand-holding, and users are expected to take |
| 25 |
responsibility for sysadmining their own system -- with guidance where it |
| 26 |
may be found necessary, of course, and this is arguably one such place. |
| 27 |
|
| 28 |
Beyond that is precisely where the forums and lists like this come in. |
| 29 |
The question was a reasonable one to ask, and it was quickly and |
| 30 |
reasonably answered (if by the original poster, but answered in any case) |
| 31 |
and confirmed. Gentoo can be rightly proud of the helpful environment it |
| 32 |
has fostered in this regard, and the fact that the original poster was |
| 33 |
resourceful enough to independently find and post the answer as well (and |
| 34 |
in such a short time) supports just how resourceful our users are. =8^) |
| 35 |
|
| 36 |
>> Adding users you wish to have this access to the plugdev group is |
| 37 |
>> indeed the correct solution, and indeed, mentioned in the log messages |
| 38 |
>> for the hal package when you merge it. Check your portage messages |
| 39 |
>> log, or see the elog at the end of the hal ebuilds if necessary. So |
| 40 |
>> the instructions were there for you to read if you wanted to. |
| 41 |
> |
| 42 |
> Gentoo does its best with the portage log messages, and has improved |
| 43 |
> recently, and I actually helped write the enotice utility that some |
| 44 |
> people use to read these things. |
| 45 |
|
| 46 |
=8^) |
| 47 |
|
| 48 |
> The bottom line, however, is that it's |
| 49 |
> still an very inconvenient format for essential documentation. Your |
| 50 |
> comment is a bit like saying that the instructions for the tool you just |
| 51 |
> bought are pasted to the inside of the shipping carton, and, well, if |
| 52 |
> you don't understand how it works, just RTFM ;-) |
| 53 |
|
| 54 |
I would have agreed with you with older portage versions, but with newer |
| 55 |
portage now tracking such messages and repeating any accumulated messages |
| 56 |
for all packages merged in that session at the end of every emerge by |
| 57 |
default, even emerges that terminate due to errors, there's much less |
| 58 |
excuse now not to be aware of what various packages are trying to tell |
| 59 |
you. I know I've found the automatic repeat of messages at the end of |
| 60 |
the emerge session extremely helpful, here, and they are still logged for |
| 61 |
reference should I need to go back and look again. |
| 62 |
|
| 63 |
> On top of this, there was nothing in the error message I got to |
| 64 |
> positively identify this problem as as Hal issue any more than a Dbus |
| 65 |
> issue. The error box text said to see the Dbus config file, which |
| 66 |
> really didn't help much. |
| 67 |
|
| 68 |
The point is... if the message had been read and followed (by whatever |
| 69 |
means the user found necessary) at the original merge, the issue would |
| 70 |
have been cleared up before it was ever encountered. =8^) |
| 71 |
|
| 72 |
However, to be fair, it's quite likely the hal merge in question was back |
| 73 |
before portage got so good at replaying its messages, and back then, it's |
| 74 |
understandable that they may have been lost in the noise, many many |
| 75 |
screens of info up from the ultimate emerge termination, so it's unfair |
| 76 |
to be too hard on someone missing the message... for a /little/ while |
| 77 |
longer, anyway. =8^) |
| 78 |
|
| 79 |
>> It would *NOT* be a "Good Thing" (r), and in fact, would be a very "Bad |
| 80 |
>> Thing" (r) to do this automatically when new users are created, as that |
| 81 |
>> kills important aspects of the Unix/Linux security model, the entire |
| 82 |
>> reason the generic "users" group isn't used in the first place. [...] |
| 83 |
> |
| 84 |
> I think one of the problems we have as sysadmins is that we often fail |
| 85 |
> to distinguish between the security model required for a classic Unix |
| 86 |
> multi-user system and a Linux desktop box which probably runs on a |
| 87 |
> private network with probably only one or two users who are logged on |
| 88 |
> sequentially rather than simultaneously. In the former case, you're |
| 89 |
> quite right. I've been seriously rethinking the matter of security for |
| 90 |
> the latter case. |
| 91 |
|
| 92 |
For a "hand-holding" distribution, I generally agree, but as I said, |
| 93 |
Gentoo has always expected its users to be able to take on a reasonable |
| 94 |
amount of responsibility for sysadminning their own system. Since this |
| 95 |
is Gentoo we are talking about, and the message is already there to point |
| 96 |
them in the right direction should they wish to go there, I think it's |
| 97 |
reasonable to expect the sysadmin to be able to take it from there. |
| 98 |
|
| 99 |
> If I'd seriously wanted to make a request, I'd have filed an enhancement |
| 100 |
> request on Gentoo bugzilla, and indeed I would have given it a good deal |
| 101 |
> more thought. |
| 102 |
|
| 103 |
OK. I just get paranoid sometimes, that people are bringing their bad |
| 104 |
habits with them, and not being properly encouraged to learn good habits |
| 105 |
in their place. I expect you'll agree that the last thing anyone wants |
| 106 |
is for Linux to end up the virus and malware wasteland its most popular |
| 107 |
competition has tended to be, and perhaps I get too worked up when I see |
| 108 |
what I take as hints that someone wants Linux to head the same direction. |
| 109 |
|
| 110 |
> This was not so much a request here as an aside, thinking |
| 111 |
> that there needs to be some documentation format more convenient than |
| 112 |
> e.g. fishing through portage logs for finding out how to properly tweak |
| 113 |
> a user account on a desktop system in order to get it to work properly |
| 114 |
> with various facilities on the host box. |
| 115 |
|
| 116 |
Well, the Gentoo GNOME, KDE and XFCE guides mention the plugdev group and |
| 117 |
that one might wish to add their users to it. So along with the mention |
| 118 |
when hal is merged, that's at least four places it's mentioned in Gentoo |
| 119 |
documentation. |
| 120 |
|
| 121 |
http://www.gentoo.org/doc/en/kde-config.xml#kde_device_mounting |
| 122 |
|
| 123 |
http://www.gentoo.org/doc/en/gnome-config.xml#doc_chap3 |
| 124 |
|
| 125 |
http://www.gentoo.org/doc/en/xfce-config.xml#doc_chap2 |
| 126 |
|
| 127 |
I think the problem is that, as with so many things, people don't read |
| 128 |
the instructions, and then wonder why they have so many problems properly |
| 129 |
operating the product. Gentoo is known for the high quality and |
| 130 |
availability of documentation; it's too bad so few people actually use it. |
| 131 |
|
| 132 |
OTOH, that just gives us that do tend to read it a chance to play guru |
| 133 |
from time to time. =8^) |
| 134 |
|
| 135 |
-- |
| 136 |
Duncan - List replies preferred. No HTML msgs. |
| 137 |
"Every nonfree program has a lord, a master -- |
| 138 |
and if you use the program, he is your master." Richard Stallman |
| 139 |
|
| 140 |
-- |
| 141 |
gentoo-desktop@g.o mailing list |
Archives