Comment # 7 on bug 1170169 from 
I'm still not totally happy with the "allow by default" semantics of the
system.conf file. As is stated in the configuration file comment:

```
Any user or group NOT matched by an allow or a deny will be ALLOWED to
perform the action by default
```

This is usually a bad idea. We do have the "user: * deny: *" line at the end
of the configuration file. But if either an administrator mistypes something
in the configuration file, or the file processing logic is messed up again in
the code, we might open up the tool to more users than intended.

You are receiving this mail because: