Dominik 'Rathann' Mierzejewski wrote:
On Wednesday, 27 December 2006 at 20:14, Paul Michael Reilly wrote:
> I've made my FC6 laptop available to family members (including grandma)
> as a shared machine. I've taught them to log into their own session
> using "switch user" so that they are on their own vt session. Works
> nice until they want to share devices, like audio and the CD burner.
> For FC6 I have to take pains to set up permissions appropriately but it
> does occur to me to ask how Rawhide should deal with this. There seem
> to be two schools of thought:
>
> 1) Sharing devices automagically is a no-brainer; it must be turned on
> by default.
>
> 2) Sharing devices is a security weakness and no self respecting distro
> would enable such a thing by default.
>
> It's all well and good when the PC is set up by a someone reading any of
> the Redhat lists but should there come a day when Dell (or some such)
> ships RHEL this issue and lots more like it will be on the table.
>
> It does occur to me that maybe the current user (the one who currently
> owns X, the "selected" user for lack of a better description) should
> dynamically own devices but this is not very satisfying: perhaps the
> various users set their own special IM sounds in which case the distro
> is setting policy rather than mechanism. So the issue does get
> complicated quickly. Left to my own devices, I'd share the devices by
> default and build in the ability to graphically configure device sharing
> which smacks of a desktop (Gnome/KDE/Xfce/?) solution which might just
> already exist and I haven't come across such a beast.
You could put a question in anaconda (or firstboot) if you want to share
devices with console users by default and configure accordingly (g+rw for
devices and add local users to some special group?)
These sort of questions shouldnt be pushed to the user. Choose a good
default and make it easily configurable without relying on Anaconda.
Also see
http://fedoraproject.org/wiki/Desktop/FastUserSwitching which
talks about device permissions.
Rahul