Lindsay Haisley <fmouse-gentoo@×××.com> posted
1192899794.10036.59.camel@××××××××××.com, excerpted below, on Sat, 20 Oct
2007 12:03:14 -0500:

> On Sat, 2007-10-20 at 04:32 +0000, Duncan wrote:
>> > It would be a Good Thing if new local accounts could be added to
>> > group plugdev when they're created.

For a moment there, I was rather confused, as I knew I certainly didn't
write what plainly looked to be attributed to me... I know it's hard to
get the attributions right when your first comment is on something down
the way a bit (I often find myself saying... there otta be a way), but at
least put in a "[quoting a previous post]" or something, so stuff doesn't
look so confusingly attributed to the wrong people.

> This is mostly just wishful thinking. There are a number of groups that
> a desktop user should be added to, depending on what's to be done with
> the system. I quite agree with you in general on the security issue,
> when I think about it, but not if the box is a single-user desktop
> system.

I'll admit there are certainly ways to make the management thereof
easier. OTOH, Gentoo is very deliberately not aimed toward those who
need a huge amount of hand-holding, and users are expected to take
responsibility for sysadmining their own system -- with guidance where it
may be found necessary, of course, and this is arguably one such place.

Beyond that is precisely where the forums and lists like this come in.
The question was a reasonable one to ask, and it was quickly and
reasonably answered (if by the original poster, but answered in any case)
and confirmed. Gentoo can be rightly proud of the helpful environment it
has fostered in this regard, and the fact that the original poster was
resourceful enough to independently find and post the answer as well (and
in such a short time) supports just how resourceful our users are. =8^)

>> Adding users you wish to have this access to the plugdev group is
>> indeed the correct solution, and indeed, mentioned in the log messages
>> for the hal package when you merge it. Check your portage messages
>> log, or see the elog at the end of the hal ebuilds if necessary. So
>> the instructions were there for you to read if you wanted to.
>
> Gentoo does its best with the portage log messages, and has improved
> recently, and I actually helped write the enotice utility that some
> people use to read these things.

=8^)

> The bottom line, however, is that it's
> still a very inconvenient format for essential documentation. Your
> comment is a bit like saying that the instructions for the tool you just
> bought are pasted to the inside of the shipping carton, and, well, if
> you don't understand how it works, just RTFM ;-)

I would have agreed with you with older portage versions, but with newer
portage now tracking such messages and repeating any accumulated messages
for all packages merged in that session at the end of every emerge by
default, even emerges that terminate due to errors, there's much less
excuse now not to be aware of what various packages are trying to tell
you. I know I've found the automatic repeat of messages at the end of
the emerge session extremely helpful, here, and they are still logged for
reference should I need to go back and look again.

> On top of this, there was nothing in the error message I got to
> positively identify this problem as a Hal issue any more than a Dbus
> issue. The error box text said to see the Dbus config file, which
> really didn't help much.

The point is... if the message had been read and followed (by whatever
means the user found necessary) at the original merge, the issue would
have been cleared up before it was ever encountered. =8^)

However, to be fair, it's quite likely the hal merge in question was back
before portage got so good at replaying its messages, and back then, it's
understandable that they may have been lost in the noise, many many
screens of info up from the ultimate emerge termination, so it's unfair
to be too hard on someone missing the message... for a /little/ while
longer, anyway. =8^)

>> It would *NOT* be a "Good Thing" (r), and in fact, would be a very "Bad
>> Thing" (r) to do this automatically when new users are created, as that
>> kills important aspects of the Unix/Linux security model, the entire
>> reason the generic "users" group isn't used in the first place. [...]
>
> I think one of the problems we have as sysadmins is that we often fail
> to distinguish between the security model required for a classic Unix
> multi-user system and a Linux desktop box which probably runs on a
> private network with probably only one or two users who are logged on
> sequentially rather than simultaneously. In the former case, you're
> quite right. I've been seriously rethinking the matter of security for
> the latter case.

For a "hand-holding" distribution, I generally agree, but as I said,
Gentoo has always expected its users to be able to take on a reasonable
amount of responsibility for sysadminning their own system. Since this
is Gentoo we are talking about, and the message is already there to point
them in the right direction should they wish to go there, I think it's
reasonable to expect the sysadmin to be able to take it from there.

> If I'd seriously wanted to make a request, I'd have filed an enhancement
> request on Gentoo bugzilla, and indeed I would have given it a good deal
> more thought.

OK. I just get paranoid sometimes, that people are bringing their bad
habits with them, and not being properly encouraged to learn good habits
in their place. I expect you'll agree that the last thing anyone wants
is for Linux to end up the virus and malware wasteland its most popular
competition has tended to be, and perhaps I get too worked up when I see
what I take as hints that someone wants Linux to head the same direction.

> This was not so much a request here as an aside, thinking
> that there needs to be some documentation format more convenient than
> e.g. fishing through portage logs for finding out how to properly tweak
> a user account on a desktop system in order to get it to work properly
> with various facilities on the host box.

Well, the Gentoo GNOME, KDE and XFCE guides mention the plugdev group and
that one might wish to add their users to it. So along with the mention
when hal is merged, that's at least four places it's mentioned in Gentoo
documentation.

http://www.gentoo.org/doc/en/kde-config.xml#kde_device_mounting

http://www.gentoo.org/doc/en/gnome-config.xml#doc_chap3

http://www.gentoo.org/doc/en/xfce-config.xml#doc_chap2

I think the problem is that, as with so many things, people don't read
the instructions, and then wonder why they have so many problems properly
operating the product. Gentoo is known for the high quality and
availability of documentation; it's too bad so few people actually use it.

OTOH, that just gives us that do tend to read it a chance to play guru
from time to time. =8^)

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

--
gentoo-desktop@g.o mailing list