Linux fat/bloated
Walter Dnes
waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org
Mon Apr 10 10:27:52 UTC 2006
On Fri, Apr 07, 2006 at 01:59:29PM -0400, Lennart Sorensen wrote
> Somehow debian managed to make it run without java (I think it MIGHT
> have needed java to build).
That's been solved in the current version (2.0). It was older versions
(1.4?) that had the Java dependancy.
> Not sure why any system would not want pam anyhow.
If I were running an internet-exposed server, or letting a bunch of
people log in, I'd use either PAM or NSA SElinux. For a single-user
desktop machine, it is overkill. Not only that, "everything you know is
wrong" when it comes to configuring files. You end up using a different
set of files.
My introduction to PAM's idiosyncracies came early in my Gentoo days.
I have a regular user account for day-to-day stuff, and a dedicated (not
root) second account for certain admin stuff. I discovered that when
the first user logs on, all character devices are chowned to that user,
with permissions 600 until such time as it logs off. A user that logs
on, before user1 logs off, is out of luck if it wants to play MP3s *EVEN
IF USER1 NEVER TOUCHES AUDIO*, because /dev/sound/* and /dev/snd/* have
all been chowned exclusively to the previous logon. To allow user2 to
play MP3s, I had to log both users off, and log on user2 before logging
on user1. I can do without that garbage, thank you.
There is a place for PAM... as an optional security system in the same
menu item of "make menuconfig" as where you find NSA SElinux.
--
Walter Dnes <waltdnes-SLHPyeZ9y/tg9hUCZPvPmw at public.gmane.org> In linux /sbin/init is Job #1
My musings on technology and security at http://tech_sec.blog.ca
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list