[BRLTTY] permissions on the brlapi.key file

Dave Mielke dave at mielke.cc
Sun Aug 28 09:48:53 EDT 2016


[quoted lines by kendell clark on 2016/08/27 at 23:41 -0500]

>I think I understand, brlapi.key is set that way to be more secure.

Yes. It's installed to be the most secure (only readable by root), and then a 
distribution is free to lessen the security as it sees fit.

>Would specifying read access by everyone, but write and execute access to root 
>only compromise the security?

That wouldn't be secure at all as anyone would be able to know what it is. The 
reason it should be as secure as it can be is so that untrusted people can't 
take over control of what's on your braille display.

>After all, orca only needs to read the file, not change it. 

That's why it should be readable by Orca without being readable by everyone. 

Here's another idea. Create a new group named brlapi. Make /etc/brlapi.key 
owned by root:brlapi and have permissions 640. This'd make it read-write by 
root (for editing) and read-only to any user within the brlapi group. Then add 
the brlapi group as a secondary login group for the gdm user (which Orca runs 
as).

>I don't mean to ask for anything unreasonable, but some of my users are ... 
>very demanding. They expect to plug in their display, either via usb or 
>bluetooth, and have it work immediately. If they have to do so much as a 
>single thing, this is hard 

I agree with those users. It should just work. Making it just work, though, 
shouldn't include making it work poorly.

-- 
Dave Mielke           | 2213 Fox Crescent | The Bible is the very Word of God.
Phone: 1-613-726-0014 | Ottawa, Ontario   | http://Mielke.cc/bible/
EMail: Dave at Mielke.cc | Canada  K2A 1H7   | http://FamilyRadio.org/
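
A check for the scheme proposed in the message above (key owned by root:brlapi with mode 640, gdm in the brlapi group), as an added example that is not part of the original post or of BRLTTY. The function names are hypothetical and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audit a BrlAPI key file against the root:brlapi, mode 640 scheme.
# Assumes GNU stat (stat -c). Function names are hypothetical.

audit_brlapi_key() {
    key=${1:-/etc/brlapi.key}; want_owner=${2:-root}; want_group=${3:-brlapi}
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL: $key is missing, a symlink, or not a regular file"; return 2
    fi
    mode=$(stat -c %a "$key"); owner=$(stat -c %U "$key"); group=$(stat -c %G "$key")
    perm=$((0$mode))   # leading 0 makes the shell parse the mode as octal
    rc=0
    if [ $((perm & 07)) -ne 0 ]; then
        echo "FAIL: mode $mode lets every local user access the key"; rc=1
    fi
    if [ $((perm & 07130)) -ne 0 ]; then
        echo "FAIL: mode $mode has bits outside 640 (exec, group write or special)"; rc=1
    fi
    [ "$owner" = "$want_owner" ] || { echo "FAIL: owner is $owner, want $want_owner"; rc=1; }
    [ "$group" = "$want_group" ] || { echo "FAIL: group is $group, want $want_group"; rc=1; }
    if [ $((perm & 040)) -eq 0 ]; then
        echo "NOTE: mode $mode is owner-only; members of $want_group cannot read the key"
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $key is $owner:$group, mode $mode"; fi
    return "$rc"
}

# Succeeds only if the named user exists and has the group among its groups.
user_in_group() {
    member_of=$(id -nG "$1" 2>/dev/null) || return 1
    case " $member_of " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# Audit only when a key path is given, e.g.: sh audit-key.sh /etc/brlapi.key
if [ "$#" -gt 0 ]; then
    audit_brlapi_key "$1"
    user_in_group gdm brlapi || echo "FAIL: user gdm is not in group brlapi"
fi
```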

