[NTLUG:Discuss] Last meeting, you CAN have hotplugged devices automount without desktop
Ted Gould
ted at gould.cx
Fri Jan 25 17:00:44 CST 2008
On Thu, 2008-01-24 at 23:18 -0600, Chris Cox wrote:
> Robert Pearson wrote:
> > How would you control access to these devices to include some users
> > and exclude others?
>
> Well... my guess is that perhaps PolicyKit would allow one to
> define devices for access differently between users. Not exactly
> the panacea everything to everyone idea... more like this user
> can do these kinds of things with these kinds of devices.
Yes, it should. But considering PolicyKit isn't really out in the wild,
and you're commenting on how it is done today (while mentioning that the
*Kits are useless) they don't really gel. Yes, PolicyKit will help to
fix this issue, but that's the future. Today we don't have a security
framework that can deal with that complexity.
> > Perhaps there is a simple Security design. Sometimes I complicate things.
> > The "Rule of Thumb" in the past was "Better Safe Than Sorry" so access
> > was very restrictive for private Information in public places.
>
> Complicated security implementations usually end up dying. Just
> my own observation.
Are you saying that PolicyKit will die? AppArmor? SELinux?
--Ted
More information about the Discuss
mailing list