Lindsay Haisley <[EMAIL PROTECTED]> posted [EMAIL PROTECTED], excerpted below, on Sat, 20 Oct 2007 12:03:14 -0500:
> On Sat, 2007-10-20 at 04:32 +0000, Duncan wrote: >> > It would be a Good Thing if new local accounts could be added to >> > group plugdev when they're created. For a moment there, I was rather confused, as I knew I certainly didn't write what plainly looked to be attributed to me... I know it's hard to get the attributions right when your first comment is on something down the way a bit (I often find myself saying... there otta be a way), but at least put in a "[quoting a previous post]" or something, so stuff doesn't look so confusingly attributed to the wrong people. > This is mostly just wishful thinking. There are a number of groups that > a desktop user should be added to, depending on what's to be done with > the system. I quite agree with you in general on the security issue, > when I think about it, but not if the box is a single-user desktop > system. I'll admit there are certainly ways to make the management thereof easier. OTOH, Gentoo is very deliberately not aimed toward those who need a huge amount of hand-holding, and users are expected to take responsibility for sysadmining their own system -- with guidance where it may be found necessary, of course, and this is arguably one such place. Beyond that is precisely where the forums and lists like this come in. The question was a reasonable one to ask, and it was quickly and reasonably answered (if by the original poster, but answered in any case) and confirmed. Gentoo can be rightly proud of the helpful environment it has fostered in this regard, and the fact that the original poster was resourceful enough to independently find and post the answer as well (and in such a short time) supports just how resourceful our users are. =8^) >> Adding users you wish to have this access to the plugdev group is >> indeed the correct solution, and indeed, mentioned in the log messages >> for the hal package when you merge it. Check your portage messages >> log, or see the elog at the end of the hal ebuilds if necessary. So >> the instructions were there for you to read if you wanted to. > > Gentoo does its best with the portage log messages, and has improved > recently, and I actually helped write the enotice utility that some > people use to read these things. =8^) > The bottom line, however, is that it's > still an very inconvenient format for essential documentation. Your > comment is a bit like saying that the instructions for the tool you just > bought are pasted to the inside of the shipping carton, and, well, if > you don't understand how it works, just RTFM ;-) I would have agreed with you with older portage versions, but with newer portage now tracking such messages and repeating any accumulated messages for all packages merged in that session at the end of every emerge by default, even emerges that terminate due to errors, there's much less excuse now not to be aware of what various packages are trying to tell you. I know I've found the automatic repeat of messages at the end of the emerge session extremely helpful, here, and they are still logged for reference should I need to go back and look again. > On top of this, there was nothing in the error message I got to > positively identify this problem as as Hal issue any more than a Dbus > issue. The error box text said to see the Dbus config file, which > really didn't help much. The point is... if the message had been read and followed (by whatever means the user found necessary) at the original merge, the issue would have been cleared up before it was ever encountered. =8^) However, to be fair, it's quite likely the hal merge in question was back before portage got so good at replaying its messages, and back then, it's understandable that they may have been lost in the noise, many many screens of info up from the ultimate emerge termination, so it's unfair to be too hard on someone missing the message... for a /little/ while longer, anyway. =8^) >> It would *NOT* be a "Good Thing" (r), and in fact, would be a very "Bad >> Thing" (r) to do this automatically when new users are created, as that >> kills important aspects of the Unix/Linux security model, the entire >> reason the generic "users" group isn't used in the first place. [...] > > I think one of the problems we have as sysadmins is that we often fail > to distinguish between the security model required for a classic Unix > multi-user system and a Linux desktop box which probably runs on a > private network with probably only one or two users who are logged on > sequentially rather than simultaneously. In the former case, you're > quite right. I've been seriously rethinking the matter of security for > the latter case. For a "hand-holding" distribution, I generally agree, but as I said, Gentoo has always expected its users to be able to take on a reasonable amount of responsibility for sysadminning their own system. Since this is Gentoo we are talking about, and the message is already there to point them in the right direction should they wish to go there, I think it's reasonable to expect the sysadmin to be able to take it from there. > If I'd seriously wanted to make a request, I'd have filed an enhancement > request on Gentoo bugzilla, and indeed I would have given it a good deal > more thought. OK. I just get paranoid sometimes, that people are bringing their bad habits with them, and not being properly encouraged to learn good habits in their place. I expect you'll agree that the last thing anyone wants is for Linux to end up the virus and malware wasteland its most popular competition has tended to be, and perhaps I get too worked up when I see what I take as hints that someone wants Linux to head the same direction. > This was not so much a request here as an aside, thinking > that there needs to be some documentation format more convenient than > e.g. fishing through portage logs for finding out how to properly tweak > a user account on a desktop system in order to get it to work properly > with various facilities on the host box. Well, the Gentoo GNOME, KDE and XFCE guides mention the plugdev group and that one might wish to add their users to it. So along with the mention when hal is merged, that's at least four places it's mentioned in Gentoo documentation. http://www.gentoo.org/doc/en/kde-config.xml#kde_device_mounting http://www.gentoo.org/doc/en/gnome-config.xml#doc_chap3 http://www.gentoo.org/doc/en/xfce-config.xml#doc_chap2 I think the problem is that, as with so many things, people don't read the instructions, and then wonder why they have so many problems properly operating the product. Gentoo is known for the high quality and availability of documentation; it's too bad so few people actually use it. OTOH, that just gives us that do tend to read it a chance to play guru from time to time. =8^) -- Duncan - List replies preferred. No HTML msgs. "Every nonfree program has a lord, a master -- and if you use the program, he is your master." Richard Stallman -- [EMAIL PROTECTED] mailing list
