From owner-freebsd-questions@freebsd.org Mon Aug 10 17:39:15 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9270699E964 for ; Mon, 10 Aug 2015 17:39:15 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 32CBDC61 for ; Mon, 10 Aug 2015 17:39:14 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de (port-92-195-150-34.dynamic.qsc.de [92.195.150.34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx02.qsc.de (Postfix) with ESMTPS id 8CF8F2780F; Mon, 10 Aug 2015 19:39:06 +0200 (CEST) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id t7AHd6mE002094; Mon, 10 Aug 2015 19:39:06 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Mon, 10 Aug 2015 19:39:06 +0200 From: Polytropon To: Mehmet Erol Sanliturk Cc: FreeBSD Questions Subject: Re: Permissions problem for sane Message-Id: <20150810193906.dfad0829.freebsd@edvax.de> In-Reply-To: References: <20150806104335.GA27748@ithaca.acampbell.uk> <1876444.Yqz8SnZpVd@desk8.phess.net> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 10 Aug 2015 17:39:15 -0000 On Mon, 10 Aug 2015 01:11:27 -0700, Mehmet Erol Sanliturk wrote: > When KDE or Gnome is running , or whatever reason some of their facilities > are running during a GUI set up , permissions defined in OS level are > prevented for ordinary "user" level . In many cases those also require HAL and DBUS running. HAL has been deprecated in Linux long time ago, and is slowly fading out of the ported applications in FreeBSD. I assume DBUS will join its fate. Both will probably be replaced by Linux kernel mechanisms which are not present on FreeBSD. > When "user" needs to use some facilities , permitted for the "root" and > "user" with respect to loader.conf , or rc.conf , or other *.conf files , > also it is necessary to define them in PolicyKit or other *Kit > configuration files . That's right. Even though HAL and DBUS claimed to be "the tools" to enable those typical single-user settings, they often are not. Device recognition, automount, device access (permissions) and so on often don't work as expected because one of the many moving parts isn't moving as intended. > Mostly these files are implicitly "secret" because , there was a circular > referencing for them : > In Handbook , "see KDE/GNOME sites" , from KDE/GNOME sites "see your OS > documentation" > without any visible information about them . That's what I often call "Linux documentation mentality". I don't want to sound impolite, but due to the fact that GNU/Linux is very diverse because of the many distributions and their incompatibilities, documentation is scattered across the web: project pages, distro pages, user pages, wikis, discussion forums. "Just look there!" Sometimes I tend to say that documentation in this case is even useless: When the documentation is completed, it doesn't match the software it documents anymore. And when it has caught up to the latest version, the software is obsoletet - and even better: replaced by something that nobody wrote documentation about. "Leave it to the users. They can figure out how it works, and write documentation when they feel they need it." Or even worse: "This works without configuration, so no documentation is needed.", except it doesn't work, but who cares. :-/ This problem (or let's at least say: some issues) is often found in regards of: - wireless networking configuration - system configuration in general - scanners - printers - scanprinters - scanfaxprintercatfooddispenser - cameras (webcams) - USB mobile Internet - other consumer cheap-crap USB devices On FreeBSD, many of those devices work if the configuration has been adapted properly. But there are devices that do not want to work... > In Linux , OS and these parts are synchrony in distributions because *Kit > part are completing missing parts of OS . The distribution maintainers who create a specific Linux version tend to make sure their parts integrate well. So it's not a big deal to get something working when the preinstalled configuration is being used. For example, a distro uses KDE - everything works. Want to use Gnome or Xfce? Problems appear. This is because Linux does not have a distinction between "the OS" and "everything else" as FreeBSD has, where the OS is developed by the FreeBSD team, and the ported applications are being maintained by different people. > In FreeBSD , these *Kit's are only preventing facilities alrady present in > OS . Even though many Linux programs claim to be interoperable, they are often only interoperable in the range of Linux, not "Linux and UNIX and the like" (FreeBSD, NetBSD, OpenBSD, Solaris and so on). Development becomes more and more Linux-centric, which provides better software quality for Linux, but makes FreeBSD users suffer. The interoperability claim would suggest that a service that on Linux uses Linux mechanisms, would use FreeBSD mechanisms when run on FreeBSD. But it does not. It expects the Linux mechanisms to be present on FreeBSD. Sure, the Linux ABI is a great thing, but the FreeBSD kernel isn't the Linux kernel. As soon as kernel facilities become involved, goals will get harder to achieve. This is a massive problem with the huge dependency pyramid ("bloat") of modern mainstream software. > This situation is making FreeBSD very hard to use . Depends. If you want to use Gnome or KDE, you have to "fight the OS". You need to tear down intended (!) barriers manually. You need to sacrifice a bit of security in order to gain comfortability. This is not impossible, but it's _work_ that has to be done. Those security barriers make perfectly sense on a server or a workstation. Do you want to mount an USB stick r/w when inserted, so anybody can start copying your files? Do you want a DVD to autoplay when you insert it - because you want to copy some files from it, _later_? Do you want r/w access to a hard disk that you will be trying to do data recovery from? Do you want your computer to automatically connect to a WLAN so it can start sending unencrypted data? Or access to the the webcam view? All those questions might be answered "Yes! Do it now!" for a typical home PC where security doesn't matter. "I don't have anything to hide." However, you _can_ get things fully working, using _native_ FreeBSD means - but that often implies you cannot achieve the same level of integration as you'll find on Linux. It's important to summarize that FreeBSD and Linux are different operating systems. That nothing in the comparison of "good vs. bad", it is simply a difference worth acknowledging to prevent unrealistic expectations. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...