From: Diederik de Haas <didi.debian at cknow.org>
To: iwd at lists.01.org
Subject: Re: D-Bus policies
Date: Tue, 25 Jan 2022 23:43:58 +0100 [thread overview]
Message-ID: <1894865.INmhrTAWsV@bagend> (raw)
In-Reply-To: 02eb9123-8c12-29db-a279-1ba2a21f8e57@gmail.com
[-- Attachment #1: Type: text/plain, Size: 1936 bytes --]
On Tuesday, 25 January 2022 23:15:07 CET Denis Kenzior wrote:
> Sure, but the chances that the main user on a single-user system isn't part
> of 'wheel' or 'netdev' should be pretty small, no?
No, but it is easy to 'fix' for the main user.
When you install a Debian system, you can explicitly use the 'root' user and
then you specify root's password. Next to that a normal user account gets
created. Alternatively, you can use the sudo system which the first user, ie
you, gets added to and then you can do all root-type actions via sudo.
So the person installing the system does get full administrative permissions,
which he/she can use to further setup the system.
> The original intent was to disallow access to iwd for remote users. So, in
> the scenario above, if your friend is not part of 'netdev' or 'wheel', then
> their control of iwd should not have been possible.
Correct. But in the restricted scenario (option 2), my friend would also not
have access if directly logged on to the system (locally), if not in the
'netdev' group.
This would thus be a change in behavior as originally intended.
> > And Option 2 is restricted access.
>
> Right. We'd be 'breaking' the above scenario. But, as I mentioned before,
> how likely was this scenario in the first place? Did someone really want
> remote users to mess with wifi on their machine without netdev/wheel
> access? Arguably we're just fixing a bug.
I think we're indeed fixing a bug by allowing only netdev/wheel users the
permission to change the wifi settings.
> > For which Option would you like a patch?
>
> I'm fine with either option. It sounds like you're favoring Option 2.
> Whichever you go for, I'll let it sit on the list for a few days to see if
> anyone else complains :)
Yeah, I do favor Option 2 ;-)
A patch is coming your/the list's way (probably tomorrow, CET TZ here)
Cheers,
Diederik
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 228 bytes --]
next reply other threads:[~2022-01-25 22:43 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-01-25 22:43 Diederik de Haas [this message]
-- strict thread matches above, loose matches on Subject: below --
2022-01-25 22:15 D-Bus policies Denis Kenzior
2022-01-25 21:48 Diederik de Haas
2022-01-25 15:38 Denis Kenzior
2022-01-25 14:49 Diederik de Haas
2022-01-21 23:13 Denis Kenzior
2022-01-14 17:15 Diederik de Haas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1894865.INmhrTAWsV@bagend \
--to=unknown@example.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.