On 10/28/2016 03:15 PM, Carlos E. R. wrote:
> The problem with adjusting groups (yes, it works) is that you have to remember to do it on all machines and all users that may need that access.
>
> With the current method (logind-udevd) the permissions are adjusted automatically for the user on the chair, any user, the instant he sits, adjusting the ACLs temporarily. The admin needs to do nothing.

I'm sorry, that is STILL inconsistent. The logind-udevd approach will still need the appropriate changes on each machine.

The distributed form may be OK for you right now, on single user machines, but I can't see that it is going to be universally applicable in a more corporate, multi-seat context.

Part of the changes along with systemd/logind is that ability to have multiple 'seats' on the same machine, just as we had back in the days of UNIX+terminals. Yes, some of those might be remote via modems (or later when networked, telnet).

Multi-seat on a huge (e.g. quad CPU motherboard) headless processor supporting a dozen or more X11 sessions is also going to present different hardware from a personal desktop or laptop. What's in the distribution is no longer appropriate. Let's face it, in configuration terms, it never was for that setting!

As for adjusting the groups (and password) on each machine in a network, well, surely so as to simplify administration and use of NFS and other stuff, a NIS service of some sort is going to be used. Doing that with YP had been around for ages; doing that with LDAP offers comparability with SAMBA and Windows.

Now I'm sure that you are going to come back and tell me that (a) not everyone uses a NIS, which no doubt is true but does make me wonder, and (b) there are going to be exceptions for 'experimental/research/debug' purposes, which is also true. That latter case is also one where the admin and operation are going to be highly 'customized' and we can't consider it a normal 'use case.'

Finally, I'd point out that the udev rules, out of the box, are not customized on a per-user basis. As it is, they are every bit as static as entries in the group file are, and those are easily customized for different users.

What we really need is a RBAC approach, and presented as RBAC.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?