:: Re: [DNG] automount, mount, and USB…
Página Inicial
Delete this message
Reply to this message
Autor: pp
Data:  
Para: dng
Assunto: Re: [DNG] automount, mount, and USB sticks
If I was about to make a friendly for me Desktop, I would provide a
system service/library/daemon/whatever, where every application while
installing on the system could register (during installation) a set of
commands to be executed later with root privileges. And later ask for
execution of those commands, assuming that the service will take care
of communicating with the user and authorizing such request.
So during application installation I could do audit if I want.

This way every application designed for that framework could be programmed
standard way, and Iwould have to authenticate once a while (like sudo
does).
Having control what is executed with root privileges.

Gives freedom to everybody - developer to desing the set of privileged
commands/application flow/etc, the admin/user to audit/use it.

Now, every application may solve this in its own different way.

Systemd in opposite, gives fixed set of commands, and forces all to us it.

--
regards
piotr

On Thu, 30 Jul 2015 01:30:36 +0200, Laurent Bercot <ska-devel@???>
wrote:

> On 29/07/2015 19:44, Jaromil wrote:
>> IMHO the bigger barrier to this is not having
>> a string parsing code (or basic grammar)
>> that is security oriented, I mean hardened
>> to run as root and handle corner cases
>
> The tool I linked does no parsing at all. The user gives the end
> of the command line she wants to run, but the start of the command
> line is fixed at daemon start time. One daemon per start of
> command line; you can have hundreds of those if needed, because
> each instance uses very little memory (max 2 pages of private dirty
> stack, no heap).
>
>
>> most code out there has too many features
>> and is too ambitions to fulfill such a simple task
>
> I have a lot of tools that fulfill simple tasks, specifically made
> to address these kinds of problems. When you're done with your
> priorities - releasing Devuan 1.0 -, let's talk.
>
>
>> I think I speak for most people here when I say we dislike
>> the quantity of undocumented daemons running
>> on on gnu/Linux desktop nowadays and
>> I hope we can trim that down with Devuan
>
> The real sticking point in what you just wrote is "undocumented".
> I think most people wouldn't mind a pandemonium on their machine IF
> they knew exactly what daemon is doing what, how many resources a
> daemon consumes, and how to disable the ones they don't need.
>



--
Using Opera's mail client: http://www.opera.com/mail/