| 1 |
On Sunday, May 20, 2012 06:26:17 PM Michał Górny wrote: |
| 2 |
> Do we really need all of this poor man's 'you shall not play our |
| 3 |
> games'? I don't think we're using anything like /usr/office & office |
| 4 |
> group, or /usr/random-programs-i-dont-like. |
| 5 |
|
| 6 |
I'd put money on there not being a single admin who has ever used the games |
| 7 |
group to control access to games. Games really have no business being on a |
| 8 |
system where anything like that is a requirement to begin with. |
| 9 |
|
| 10 |
> So, my proposition is: finally drop that. Install games in regular |
| 11 |
> prefixes, like all other apps. Don't pollute systems with unnecessary |
| 12 |
> security perimeters which don't provide any real benefit. |
| 13 |
> |
| 14 |
> Any comments? |
| 15 |
|
| 16 |
Is there any way to keep the games group around while not doing the weird |
| 17 |
intrusive installation prefix? I have always disliked the prefix and don't see |
| 18 |
the point of it. |
| 19 |
|
| 20 |
However, requiring a special group for games restricts access by certain |
| 21 |
unprivileged programs which run as their own user/group for security reasons, |
| 22 |
thus providing a very slight security benefit. Or someone may have a user they |
| 23 |
use which doesn't require access to nonessential programs like games, which |
| 24 |
tend to be big complex programs less well-audited for security bugs. |
| 25 |
-- |
| 26 |
Dan Douglas |
Archives