pam_group (Was: ubuntu-xxx ....)
Timo Aaltonen
tjaalton at cc.hut.fi
Tue Apr 5 08:03:18 CDT 2005
On Fri, 1 Apr 2005, Matt Zimmerman wrote:
> That's only one example. It would also be possible to leave a process
> running, or a number of other persistent resources and continue to use the
> privileges later.
yes, start 'screen' from the local session and connect to it later.
> Trust us, this is not as simple as it might appear, and new kernel
> functionality is required in order to provide the semantics that you want.
I do ;) It's just that I don't see why it would be more harmful to use
pam_group instead of just giving everybody access.. But hey, I'm not
proposing Ubuntu to use this, just that it is an option for some admins
even with its shortcomings.
I noticed the SecurityPolicy page on the wiki, and it was mentioned there
as a goal that "(Only) Local users should have access" to devices. I'm
just curious; how will this eventually be made possible? Or does a
local-user mean "user that has access to a computer" and not "user that is
sitting in front of a c."?
t
More information about the ubuntu-devel
mailing list