Head Up: Prepare for dropping fuse group in the nearest future
kevin.kofler at chello.at
Thu Feb 7 04:21:08 UTC 2008
Douglas McClendon <dmc.fedora <at> filteredperception.org> writes:
> default). Which seems to be worthy of discussion, since obviously there
> was some perceived benefit of structuring it that way in the first place.
IMHO, the fuse group is a really bad solution. If allowing users access to fuse
really has security issues, then these issues need to be addressed. If it
doesn't, then the access restriction is pointless.
We should really avoid groups to which users have to be added by hand as a
security measure at all cost, because it requires manual configuration. There's
a reason we used pam_console and are now using ConsoleKit (with HAL set up to
grant access based on it) rather than the infamous "plugdev group". To me this
fuse group is just plugdev reloaded.
More information about the fedora-devel-list