
Re: DE features dependent on Systemd



* Matthias Urlichs <matthias@urlichs.de> [141130 09:22]:
> But on a multi-user system, we can't depend on the first user being any
> sort of special owner; it might just as well be the person whose desk
> the machine is hidden under

I strongly disagree with this.  The person performing the installation
clearly has root privileges while the installation is being performed,
and is much more likely to be at least one of the people responsible for
maintaining the system.  While not a universal truth, there is a high
probability that this person will have additional privileges beyond a
normal user, either by the first user being added to extra groups, by
the person doing the installation having root privileges (by knowing the
root password or through sudo), or both.

As for the fallacy that adding the first user to additional groups is a
privacy or security issue, if we can agree that there is at least one
administrator with root privileges, and the first user added by the
installer likely belongs to such a person, what good does it do to not
add the first user to the audio group?  With root privileges, the admin
can do all of the things mentioned in this thread to invade other users'
privacy.  Trying to give a false sense of security by saying "we don't
give the first user special privileges, so you don't have to worry about
being spied on remotely" is a complete lie.  If you don't trust the
administrators of your machine, then assume they are spying on you;
there is no other reasonable assumption, and refusing to add the first
user to special groups does not change that.

The only case where not adding the first user to special groups would
make a difference is when the person doing the installation for a
machine shared by multiple users asks the installer to add the first
user, but assigns that first user to one of the non-administrators of
the machine.  I think this is extremely rare in practice, in both
business and home settings.

...Marvin

