Re: DE features dependent on Systemd
On Wed, 2014-12-03 at 14:25 +0100, Vincent Bernat wrote:
> ❦ 3 décembre 2014 13:55 +0100, Adam Borowski <kilobyte@angband.pl> :
>
> >> In both cases (systemd-sysv or systemd-shim), ACLs should be correctly
> >> set for the current user.
> >>
> >> This “adduser first-user audio” was already useless in squeeze and it
> >> hasn’t changed.
> >
> > Only if you run logind or consolekit. Without them (ie, on headless boxes
> > or with classic-type WMs) you do need to access the devices which are mode
> > 660 root:audio.
>
> A classic-type WM can make use of logind to get the appropriate ACL
> setup.
>
> The problem with those groups is that they are not fine grained
> enough. For example, the video group gives access to the framebuffer
> device (the user can do a screenshot) or to a webcam (the user can spy
> another user). By encouraging the use of those groups, we create big
> security hole.
If more granularity is needed, what's hindering introduction of even
more groups: like an image group and splitting the fb0 to more devices?
Or even subdirectories like /dev/snd/* for audio etc.
Reply to: