Groups, permisions, work flow

[David Henningsson]

On 01/24/2012 04:15 PM, Ralf Madorf wrote:
> On Tue, 2012-01-24 at 09:48 +0100, David Henningsson wrote:
>> Or possibly one could add some kind of script that would give RT prio to
>> the current logged in user (and remove it if the user logs out)?
>
> So you assume that there never will be more than one user be logged in?

I guess having more than one user being logged in *at the same time*  is 
fairly uncommon. Just as ConsoleKit would remove ACL file permissions on 
logging out, maybe it could remove RT prio stuff as well. I don't know 
how possible this is though.

> There's no need to remove a user from the group audio. There's no need
> to handle this by a script.
>
> If for a multi-user-system there shouldn't be an admin with knowledge,
> it soon or later will cause issues.

One of the advantages of Linux is that the line between "single user 
system" and "multi user system" is blurry. E g, I could run a web server 
or other service on the same machine as I use for audio production. This 
is great, it saves hardware. If a malicious user breaks in to the web 
server, I don't want him to be able to use RT prio to lock down the 
entire machine.

If Ubuntu Studio wants to be insecure in that sense, I guess that would 
be okay (to me personally, I can't speak for Ubuntu's security team), 
but I would definitely not have it in the Ubuntu by default.

-- 
David Henningsson, Canonical Ltd.
http://launchpad.net/~diwic