On Mon, 22.06.09 09:33, Arnold Krille (arn...@arnoldarts.de) wrote: > On Monday 22 June 2009 02:09:36 Lennart Poettering wrote: > > Doing authorization via groups is broken, > > What??? Did you ever do administration for more then one computer??? > Authorization by groups is _the only_ way to go if you have more then one > user > to authorize for anything. > If you don't agree ask firms with intranets and net-wide authorization, look > at > yp/nis/ldap/Active Directory.
Please read up on PoliyKit. What it does, and why it has been introduced. You practically cannot take group membership away from a user after you gave it to him, and also adding a seperate group for every tiny bit you need to authorize access to doesn't scale. > > since practically you can > > never take group membership away. > > Yes, you can. Just remove the person from a group and the next time the > groups > are checked for that user, the rights are gone. Except that this doesn't work. http://hal.freedesktop.org/docs/PolicyKit/intro-define-problem.html Lennart -- Lennart Poettering Red Hat, Inc. lennart [at] poettering [dot] net http://0pointer.net/lennart/ GnuPG 0x1A015CC4 _______________________________________________ Linux-audio-dev mailing list Linux-audio-dev@lists.linuxaudio.org http://lists.linuxaudio.org/mailman/listinfo/linux-audio-dev
