| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA256 |
| 3 |
|
| 4 |
On 02/21/2015 01:35 AM, Ulrich Mueller wrote: |
| 5 |
>>>>>> On Fri, 20 Feb 2015, Daniel Campbell wrote: |
| 6 |
> |
| 7 |
>> When this becomes more widespread, what action are users urged |
| 8 |
>> to take in order to "migrate" to the new system? Should our |
| 9 |
>> everyday user account be removed from the `games` group, and the |
| 10 |
>> group should be removed altogether? |
| 11 |
> |
| 12 |
> Currently, users need not take any action. |
| 13 |
> |
| 14 |
> In the hypothetical case that games.eclass would be abandoned, the |
| 15 |
> "games" group would likely go away and should then be removed from |
| 16 |
> users' systems. However, with about 1000 ebuilds currently |
| 17 |
> inheriting games.eclass, I don't see that happening any time soon. |
| 18 |
> There's a long discussion on this topic in the nethack bug [1]. |
| 19 |
|
| 20 |
Okay, I'll check that out. It seems that if the group is ever deemed |
| 21 |
obsolete, it would gain a news item or something similar. |
| 22 |
|
| 23 |
> |
| 24 |
> Personally, I think that controlling who is allowed to run certain |
| 25 |
> types of applications via group membership is a great idea. We |
| 26 |
> should introduce that approach for other applications too. How |
| 27 |
> about an "editors" group? Text editors are potentially dangerous |
| 28 |
> because they allow users to modify files. Therefore, the system |
| 29 |
> administrator should add only trusted users to the "editors" group |
| 30 |
> so they can run programs like emacs, nano, or vim from the |
| 31 |
> app-editors category. |
| 32 |
> |
| 33 |
> Ulrich |
| 34 |
> |
| 35 |
> [1] https://bugs.gentoo.org/125902 |
| 36 |
> |
| 37 |
I hadn't thought of that! Would testing that idea require much beyond |
| 38 |
creating the group, adding users, and chmodding the binaries? It seems |
| 39 |
like it'd make a good USE option for those running servers with strict |
| 40 |
permission needs. Then again, isn't that what LDAP or ACL are designed |
| 41 |
to handle? |
| 42 |
-----BEGIN PGP SIGNATURE----- |
| 43 |
Version: GnuPG v2 |
| 44 |
|
| 45 |
iQEcBAEBCAAGBQJU6UByAAoJEJUrb08JgYgH80wH/RSeCKr8xF4N0WsY4mgfjtRX |
| 46 |
TOWSJI/SF+Cb38IHUupKLrP0Hyp1VQud9lI2KZTS6UVj/qUhJBdOHMT9TGeAzZvI |
| 47 |
rVss1RQMcW/ZPNhBa0M5i/mgopKqWaFyoLY9BWEqBa1cg26Sh43PbeFpdpI7wChR |
| 48 |
4ya3NO9Hzc2zLLlpMjMGCVsJsuM7E24YonD9poGYP3LmBw4ZGnNN00YWnLofFMlj |
| 49 |
8M3tr0FZ7ALlAsB2sb7vMTkUSX4s3t442Li+D1ihocZMGMSQ+NeJOwhzQAMAU7nx |
| 50 |
3kzwGg+IDaaYrDOL4FnuJ4tOtc8DGKlzLj71VvJnhsvkxh2Hn3ljUZYeaJqoY1A= |
| 51 |
=7xED |
| 52 |
-----END PGP SIGNATURE----- |
Archives