[systemd-devel] SD_BUS_VTABLE_CAPABILITY

Cristian Rodríguez crrodriguez at opensuse.org
Fri Apr 17 06:05:08 PDT 2015


On Fri, Apr 17, 2015 at 7:51 AM, Lennart Poettering
<lennart at poettering.net> wrote:

> Groups *suck* as authentication scheme. If you add one group for each
> privilege you want, then you'll have a huge number of groups, and
> that's hardly desirable. It's pretty close to being unmanagable with
> user/group editors. Also, you can never take group membership away,
> since users who once where members of group can create sgid binaries
> which allows them to always return into that group forever.

Not to mention, we are running out of system users and groups in
distributions (if we didn't already) and some people want us to
provide fixed UID/GID system users
across distributions for clustering applications...this is a totally
unworkable way forward.


More information about the systemd-devel mailing list