1 |
On Sunday, May 20, 2012 06:26:17 PM Michał Górny wrote: |
2 |
> Do we really need all of this poor man's 'you shall not play our |
3 |
> games'? I don't think we're using anything like /usr/office & office |
4 |
> group, or /usr/random-programs-i-dont-like. |
5 |
|
6 |
I'd put money on there not being a single admin who has ever used the games |
7 |
group to control access to games. Games really have no business being on a |
8 |
system where anything like that is a requirement to begin with. |
9 |
|
10 |
> So, my proposition is: finally drop that. Install games in regular |
11 |
> prefixes, like all other apps. Don't pollute systems with unnecessary |
12 |
> security perimeters which don't provide any real benefit. |
13 |
> |
14 |
> Any comments? |
15 |
|
16 |
Is there any way to keep the games group around while not doing the weird |
17 |
intrusive installation prefix? I have always disliked the prefix and don't see |
18 |
the point of it. |
19 |
|
20 |
However, requiring a special group for games restricts access by certain |
21 |
unprivileged programs which run as their own user/group for security reasons, |
22 |
thus providing a very slight security benefit. Or someone may have a user they |
23 |
use which doesn't require access to nonessential programs like games, which |
24 |
tend to be big complex programs less well-audited for security bugs. |
25 |
-- |
26 |
Dan Douglas |