PolicyKit releases and !AWOL

Doug Klima cardoe at gentoo.org
Mon Dec 17 06:38:12 PST 2007


David Zeuthen wrote:
> On Sun, 2007-12-16 at 22:41 -0500, David Zeuthen wrote:
>   
>>> Actually its the other way around.
>>> Think of backup programs, which now have to run as root to be able to
>>> successfully create a backup, or intrusion detection systems, which
>>> check the file checksums, which can't be run unpriviledged.
>>> I hope I could give you some use cases, why it makes sense to make the
>>> files world readable.
>>>       
>
> (btw, under Windows they have a Backup Operators group that is allowed
> to read any file from any user. Unfortunately we're still stuck with the
> somewhat limited UNIX permission model that means that we have to allow
> any user to read critical system binaries even though they strictly
> don't need to. Sigh.)
>
>      David
>
> _______________________________________________
> hal mailing list
> hal at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/hal
>   
The UNIX permission model might be limited but this is why POSIX ACLs
were introduced to make up the short fall in the user,group,others
model. Additionally, the provide a useful group that could be used for
these tasks, i.e. the operators group.


More information about the hal mailing list