Users and Groups

Mikkel L. Ellertson mikkel at infinity-ltd.com
Sat Dec 8 19:09:38 UTC 2007


Les Mikesell wrote:
> Mikkel L. Ellertson wrote:
> 
>> It adds one more level of control. Instead of a user being able to
>> access a device from anywhere, you can limit access to when they are
>> actually at the machine.
> 
> But the 'console' isn't something special in a multiuser system.
> Personally, I do almost all Linux work through NX/freenx, remote X, or
> ssh connections.  I may be near enough to want to use speakers or CD
> devices but not using the attached keyboard - if there is one.
> 
So? there is nothing stopping you from doing this. But if there is a
user logged into the console, then they are given the use of the
device. It works well for most users, but if it does not work for
you, change it for your system. That is what Linux is all about -
you can configure things the way you like them.
> 
>> For desktop users, it can be very useful. It can also be a
>> security measure.
> 
> If you throw away the concepts of remote access and multiuser operation.
> 
How are you throwing them away? They are still there. But there is
another concept added that works well for a lot of users. If you are
working at the local machine, instead of doing remote access, you
get the use of a configurable set of resources while you are logged
in. If you have a machine that does not have a local console, it
does not affect you.
> 
> It's not _just_ that it has always been done that way - it was done that
> way for good reasons and it doesn't make much sense to dumb down an
> elegant system designed for multiuser and network access and pretend it
> can only be accessed for certain things if you happen to be typing at a
> certain keyboard.  As an _option_ that you could active if you happen to
> have that sort of situation and don't care about network/remote access
> it would make sense, but it is throwing away a lot to pretend that it is
> only designed to be used from one special device and make the other
> things break by default.
> 
I guess you have not looked at how it works, but decided you don't
like it from what little was posted on the list. It is an option
that has been around for a long time. It has been working well. What
is giving people trouble is that it is not managing as many devices
as it did in the past. For example, all serial ports were once
controlled by console.perms. Now you have to specify the ports you
want to control, or fall back on adding users to the uucp group,
because the defaults are more restrictive.

Now, you may want to disable console.perms package, because it is
not of any benefit to you. But that does not mean it is of no
benefit to the average user. You just have to put forth the effort
to customize your system for the way you want it to work, instead of
expecting Fedora to change to match the way you want to do things.

But I expect that you will continue arguing that Fedora should do
things your way, as you always do. So I am done with this thread.

Mikkel
-- 

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20071208/10ae6712/attachment-0001.sig>


More information about the fedora-list mailing list