| 1 |
>>>>> On Fri, 20 Feb 2015, Daniel Campbell wrote: |
| 2 |
|
| 3 |
> When this becomes more widespread, what action are users urged to |
| 4 |
> take in order to "migrate" to the new system? Should our everyday |
| 5 |
> user account be removed from the `games` group, and the group should |
| 6 |
> be removed altogether? |
| 7 |
|
| 8 |
Currently, users need not take any action. |
| 9 |
|
| 10 |
In the hypothetical case that games.eclass would be abandoned, the |
| 11 |
"games" group would likely go away and should then be removed from |
| 12 |
users' systems. However, with about 1000 ebuilds currently inheriting |
| 13 |
games.eclass, I don't see that happening any time soon. There's a long |
| 14 |
discussion on this topic in the nethack bug [1]. |
| 15 |
|
| 16 |
Personally, I think that controlling who is allowed to run certain |
| 17 |
types of applications via group membership is a great idea. We should |
| 18 |
introduce that approach for other applications too. How about an |
| 19 |
"editors" group? Text editors are potentially dangerous because they |
| 20 |
allow users to modify files. Therefore, the system administrator |
| 21 |
should add only trusted users to the "editors" group so they can run |
| 22 |
programs like emacs, nano, or vim from the app-editors category. |
| 23 |
|
| 24 |
Ulrich |
| 25 |
|
| 26 |
[1] https://bugs.gentoo.org/125902 |
Archives