On 10/28/2016 03:31 AM, John Andersen wrote:
On October 27, 2016 8:30:17 PM PDT, Andrei Borzenkov
wrote: 27.10.2016 22:27, John Andersen пишет:
Where, precisely is the correct place to adjust these things in systemd?
When user logs in on a local console, logind applies ACLs that grant this user read-write access to every device that has "uaccess" tag. Tag is set by udev rules.
That's all well and good, but people do not manage permissions by udev rules.
+1
If a user is authorized to use the CD-ROM, they have to be in the cdrom group, and perhaps at the console.
+1 I'd phrase that as "in order for a user to be authorized", but yes, that's been my experience with previous versions of openSuse, Redhat and Mageia.
And putting them back into that group appears to be all that was necessary.
... and sufficient.
So I don't see what udev has to do with it, and the root cause here must be that the update hozed the passwd and group files.
That you can still log in ... oh wait, did the installer do the thing about asking for your id and password over again? Yes, my memory is that the installer hozes the groups file. presumably that Q&A menas it has also hozed the passwd file. The UGO and groups mechanism of *NIX is an adequate and sufficient ACL mechanism. A;; you need to do is understand set (aka group) theory, draw some Venn diagrams. The abomination that is the arbitrary and unstructured ACL mechanism was one of the overlay that came about from the UNIX Systems Group pandering to the forces of academia and the mainframe mentality. we got the P/V-style locks from them too, something Richie showed was unnecessary. -- A: Yes. > Q: Are you sure? >> A: Because it reverses the logical flow of conversation. >>> Q: Why is top posting frowned upon? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org