View previous topic :: View next topic |
Author |
Message |
fpemud Guru
Joined: 15 Feb 2012 Posts: 349
|
Posted: Fri Jul 12, 2013 12:39 am Post subject: how about controling dev-node priviledge by posix ACL? |
|
|
Tranditionally, device nodes in /dev are in "hardware groups" like disk, video, cdrom...
If I want to access a device, I should add myself into the corresponding group.
Could I just set "root:root" to device nodes and dynamically assign posix ACL to them using like some daemon program.
so that I can:
1. eliminate all the annoying "hardware groups"
2. get a clean user profile since I don't need to be in many secondary groups
3. manage dev-node priviledge in a central place.
4. more flexible priviledge policy |
|
Back to top |
|
|
VoidMage Watchman
Joined: 14 Oct 2006 Posts: 6196
|
Posted: Fri Jul 12, 2013 3:07 pm Post subject: |
|
|
For all of its shortcomings, consolekit (combined with udev-acl) was used to do something like that. |
|
Back to top |
|
|
fpemud Guru
Joined: 15 Feb 2012 Posts: 349
|
Posted: Fri Jul 12, 2013 11:08 pm Post subject: |
|
|
I just realized my thought is somehow relevant to the multi-seat concept. Ok, now I know why consolekit appears in the answer.
I think my thought is good, the pros are real and I don't think there's obvious cons.
Is there any program or solution proposal for this thought other than ck/systemd?
I agree with the evil of vertical integrition.
Is there any effort that implements all the good functions in ck/systemd, but get rid of their shortcomings? |
|
Back to top |
|
|
|