Head Up: Prepare for dropping fuse group in the nearest future

Kevin Kofler kevin.kofler at chello.at
Thu Feb 7 04:21:08 UTC 2008


Douglas McClendon <dmc.fedora <at> filteredperception.org> writes:
> default).  Which seems to be worthy of discussion, since obviously there 
> was some perceived benefit of structuring it that way in the first place.

IMHO, the fuse group is a really bad solution. If allowing users access to fuse 
really has security issues, then these issues need to be addressed. If it 
doesn't, then the access restriction is pointless.

We should really avoid groups to which users have to be added by hand as a 
security measure at all cost, because it requires manual configuration. There's 
a reason we used pam_console and are now using ConsoleKit (with HAL set up to 
grant access based on it) rather than the infamous "plugdev group". To me this 
fuse group is just plugdev reloaded.

        Kevin Kofler




More information about the fedora-devel-list mailing list