The breakage of permissions under recent PolKit/logind is flabbergasting. They have completely subverted UNIX groups/permissions in a difficult-to-unbreak way. And I get cheerful little update messages saying things like “You no longer need to be in the camera group to use cameras” like it’s a fucking feature (and they’re lying; they mean users logged in locally no longer need to be in the camera group – remote users still need it). If I want a user to have access to some hardware on a machine, I’ll give it permissions. If I don’t, I probably don’t for a reason. Let’s talk use cases: perhaps you would like to hide the camera from a kid’s user. Or you would like to check on something with the camera attached to your remote machine. Or work a music player via SSH. Or generally use the resources on the machine you bothered to log into remotely because why the fuck else would you have logged in there? Every one of those is now more complicated to accomplish. Adding a facility to enable/disable permissions for remote or local users might be reasonable, but just fucking breaking groups for a couple use cases no one uses is moronic. (Seriously, Fast User Switching keeps coming up as a rationale for breaking things. Has anyone, ever used fast user switching on one of the platforms that supports it? There are usually more computer-like-devices than people in a household now, it isn’t relevant.)
Can someone please come up with a straightforward way to just noop all the PolKit bullshit so I can have my UNIX box back from the FreeDesktop assholes?
I don’t even know about this logind stuff is, I just liked the anger in this post.
It’s becoming clear that the people that want to use their machine in the UNIX way are going to have to either switch to something like Slackware or move to one of the *BSDs, most likely NetBSD. The only reason that I haven’t done so is that the *BSDs do not support full disk encryption from bootloader to login prompt very well, and this is a must-have for me on a laptop.
Or you could just, you know, configure your machine like that. It’s not like every household wants to learn how to be a sysadmin, but you clearly do, so the onus is on you to setup your machine as you see fit.
Device ACLs and group stuff is really just a matter of udev rules. Just copy the rules from /usr/lib/udev/rules.d/ to /etc/udev/rules.d/ and make any customisations you want.
Honestly, do you expect your generic distribution to be designed around the needs of people like you? Distros should (and thankfully do) cater for the common use case first, but still allow configuration quite happily outside of that for the more exotic setups.
OpenBSD does have full disk encryption. With KMS, it would be the cat’s meow on your modern laptop. Without, it’s still perhaps the most consistent system with arguably the best development environment and quite a nice set of ancillary features.