[NTLUG:Discuss] Last meeting, you CAN have hotplugged devices automount without desktop

Leroy Tennison leroy_tennison at prodigy.net
Sat Jan 26 00:44:44 CST 2008


Chris Cox wrote:
> Ted Gould wrote:
>> On Thu, 2008-01-24 at 23:18 -0600, Chris Cox wrote:
>>> Robert Pearson wrote:
>>>> How would you control access to these devices to include some users
>>>> and exclude others?
>>> Well... my guess is that perhaps PolicyKit would allow one to
>>> define devices for access differently between users.  Not exactly
>>> the panacea everything to everyone idea... more like this user
>>> can do these kinds of things with these kinds of devices.
>> Yes, it should.  But considering PolicyKit isn't really out in the wild,
>> and you're commenting on how it is done today (while mentioning that the
>> *Kits are useless) they don't really gel.  Yes, PolicyKit will help to
>> fix this issue, but that's the future.  Today we don't have a security
>> framework that can deal with that complexity.
>>
>>>> Perhaps there is a simple Security design. Sometimes I complicate things.
>>>> The "Rule of Thumb" in the past was "Better Safe Than Sorry" so access
>>>> was very restrictive for private Information in public places.
>>> Complicated security implementations usually end up dying.  Just
>>> my own observation.
>> Are you saying that PolicyKit will die?  AppArmor?  SELinux?
> 
> AppArmor is simple... but may die just because.  SELinux... sheesh...
> must die.  We'll have to see how PolicyKit comes out.  It may be
> very useful.  Or it could be the UCE of Linux, not enough
> benefit to be useful (especially if painful to configure or if
> it doesn't make sense).
> 
The problem with complicated security solutions (regardless of specific 
instance, actually "complicated anything") is that they are: 
complicated.  This has disadvantages which drive people away -

They are intimidating to the new would-be user so adoption is stifled.

Even if a "guru" masters the technology, what about the poor soul(s) who 
are left to maintain it after the guru inevitably leaves the 
organization?  Then there's the fear of blackmail/extortion/etc. (the 
guru holds the keys and decides to become an adversary while still 
employed).  Finally, people like that can usually command a higher 
salary than those who don't apply themselves and thus have to accept 
lower pay.  Management hates those kinds of people because they are an 
obstacle to cutting labor costs and maximizing management's compensation 
(never mind all the "you get what you pay for" arguments - such thoughts 
seem far too lofty for most management mentality though there are 
exceptions).

They tend to produce solutions which are hard to verify.  Because of the 
complexity you're never really sure there isn't one or more holes 
lurking in the maze.


