From: "H. Peter Anvin" <hpa@zytor.com>
To: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] PAG support, try #2
Date: 14 May 2003 12:28:45 -0700 [thread overview]
Message-ID: <b9u5dd$sg$1@cesium.transmeta.com> (raw)
In-Reply-To: Pine.LNX.4.44.0305140924040.3107-100000@home.transmeta.com
Followup to: <Pine.LNX.4.44.0305140924040.3107-100000@home.transmeta.com>
By author: Linus Torvalds <torvalds@transmeta.com>
In newsgroup: linux.dev.kernel
>
> And "pag_t" needs to be bigger, at least 64 bits. That, together with the
> "credential == 'list of PAG'" thing means that you can choose to do things
> like:
>
> - high bits zero, low bits match the UID (ie all users automatically get
> their own "private PAG", PAM just does the joining automatically)
>
> I personally _require_ this. End of discussion. Anything that doesn't
> allow for user-friendly automatic PAG's is, in my not-so-humble
> opinion, a total waste of time, and complete CRAP.
>
> Did I make my opinion clear enough? In other words, when I log in, I
> want to automatically get certain credentials, and I consider the
> log-in sequence to be sufficient security for those credentials.
>
> Anything that isn't designed for this is WRONG.
>
> - high bits "group pattern", low bits "GUID" - same thing as UID. Some
> PAG's are automatically associated with the _group_ ID of the person.
> When I log in, and I'm in the "engineering" group, I should
> automatically get access to the "engineering PAG".
>
> - users can controlledly join other PAGs as they wish (ie if you want to
> have credentials that are on top of the automatic user credentials, you
> have to join them explicitly, which migth require a stronger password
> or something)
>
> This allows for the "extra" credentials, and it also allows for users
> joining each others PAG's at least temporarily. It also allows things
> like extra groups outside of the traditional scope of groups (ie you
> can set up ad-hoc groups by creating a new PAG, and letting others join
> it).
>
Sounds like what you really want is capabilities, and not in the
setcap sense. I think this would be marvellous, myself, and I
completely agree that we need it to be user friendly.
To some degree, groups are also capabilities, but there is too much
rigamarole surrounding them. I also think evidence has shown that
it's too hard to add or remove group ownership; you basically need the
user to log out completely in order to add or drop the new ownerships.
-=hpa
--
<hpa@transmeta.com> at work, <hpa@zytor.com> in private!
"Unix gives you enough rope to shoot yourself in the foot."
Architectures needed: ia64 m68k mips64 ppc ppc64 s390 s390x sh v850 x86-64
next prev parent reply other threads:[~2003-05-14 19:16 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-14 10:43 [PATCH] PAG support, try #2 David Howells
2003-05-14 10:56 ` Christoph Hellwig
2003-05-14 11:56 ` David Howells
2003-05-14 12:35 ` Christoph Hellwig
2003-05-14 12:45 ` William Lee Irwin III
2003-05-14 12:57 ` Jeff Garzik
2003-05-14 11:49 ` Matthew Wilcox
2003-05-14 12:03 ` David Howells
2003-05-14 16:49 ` Linus Torvalds
2003-05-14 17:37 ` David Howells
2003-05-15 11:18 ` Ingo Oeser
2003-05-18 14:51 ` Trond Myklebust
2003-05-14 19:28 ` H. Peter Anvin [this message]
2003-05-14 16:58 ` Jan Harkes
2003-05-14 17:11 ` Jan Harkes
2003-05-14 20:45 ` [OpenAFS-devel] " Harald Barth
2003-05-15 0:14 ` Garance A Drosihn
2003-05-15 0:14 ` Garance A Drosihn
2003-05-15 0:57 ` [OpenAFS-devel] " Linus Torvalds
2003-05-15 1:34 ` Trond Myklebust
2003-05-15 2:30 ` Linus Torvalds
2003-05-15 14:04 ` Dean Anderson
2003-05-15 16:20 ` Linus Torvalds
2003-05-15 16:41 ` David Howells
2003-05-15 17:23 ` Linus Torvalds
2003-05-16 12:12 ` David Howells
2003-05-15 23:00 ` Garance A Drosihn
2003-05-15 23:00 ` Garance A Drosihn
2003-05-15 23:21 ` QM_MODULES Function not implemented John Shillinglaw
2003-05-16 0:53 ` [OpenAFS-devel] Re: [PATCH] PAG support, try #2 Nathan Neulinger
2003-05-15 4:26 ` Russ Allbery
2003-05-15 4:26 ` Russ Allbery
2003-05-15 4:59 ` [OpenAFS-devel] " Linus Torvalds
2003-05-15 15:34 ` Booker Bense
2003-05-15 15:34 ` Booker Bense
2003-05-15 6:04 ` Riley Williams
2003-05-15 13:26 ` [OpenAFS-devel] " Garance A Drosihn
2003-05-15 13:26 ` Garance A Drosihn
2003-05-15 13:12 ` [OpenAFS-devel] " Garance A Drosihn
2003-05-15 13:12 ` Garance A Drosihn
2003-05-15 15:55 ` [OpenAFS-devel] " Douglas E. Engert
2003-05-15 15:55 ` Douglas E. Engert
2003-05-15 13:35 ` [OpenAFS-devel] " David Howells
2003-05-15 13:55 ` chas williams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='b9u5dd$sg$1@cesium.transmeta.com' \
--to=hpa@zytor.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.