Re: [PATCH] Single user linux

• Next message: Mulder, Tjeerd: "Re: Problem with DHCP when using tokenring on 2.4.x"
• Previous message: Daniel Stone: "Re: [PATCH] Single user linux"
• In reply to: imel96@trustix.co.id: "Re: [PATCH] Single user linux"
• Next in thread: Albert D. Cahalan: "Re: [PATCH] Single user linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

imel96@trustix.co.id wrote:

> thank you very much fyi.
> if just you tried to understand it a little further:
> i didn't change all uid/gid to 0!
>
> why? so with that radical patch, users will still have
> uid/gid so programs know the user's profile.
>
> if everyone had 0/0 uid/gid, pine will open /var/spool/mail/root,
> etc.

So you want multi-user to distinguish users, but no login sequence
with typing of passwords & username.

You can have all that without changing the kernel!
Linux distributions runs things like login and getty by default,
but you don't have to do that.

If you run linux on a device not perceived as a computer,
consider this:

1. Run whatever daemons you need as root or under daemon usernames,
depending on what privileges they need.

2. Run the user interface program (X or whatever) as a user,
not root. No, they don't need a password for that. Just
start it from inittab, with a wrapper program that su's to the
appropriate user without asking for passwords.

3. If the user really need root for anything, such as changing
device configuration, use a suid configuration program. No
password needed with that approach. You probably want
a configuration program anyway as your "dumb" users probably
don't know how to edit files in /etc anyway. Making
it suid is no extra work.

Now you have both the security of linux and the ease of use of a
password-less system. Part of linux stability comes from the
fact that ordinary users cannot do anything. Crashing the
machine is easy as root, but an appliance user don't need
to be root for normal use. And the special cases which need
it can be handled by suid programs that cannot do "anything",
just the purpose they are written for.

Linux is very configurable even without patching the kernel.
A general rule is that no kernel patches is accepted for
problems that are easily solvable with simple programs.

Helge Hafting
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Mulder, Tjeerd: "Re: Problem with DHCP when using tokenring on 2.4.x"
• Previous message: Daniel Stone: "Re: [PATCH] Single user linux"
• In reply to: imel96@trustix.co.id: "Re: [PATCH] Single user linux"
• Next in thread: Albert D. Cahalan: "Re: [PATCH] Single user linux"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Apr 30 2001 - 21:00:13 EST