From: Ken Brownfield <brownfld@irridia.com>
To: <imel96@trustix.co.id>
Cc: <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] Single user linux
Date: Thu, 26 Apr 2001 10:00:02 -0700
Message-ID: <200104261700.MAA13391@asooo.flowerfire.com>
In-Reply-To: <Pine.LNX.4.33.0104262026140.1816-100000@tessy.trustix.co.id>

On Thursday, April 26, 2001, at 07:03 AM, <imel96@trustix.co.id> wrote:
> he owns the computer, he may do anything he wants.

This sentence really stood out for me, and implies a profound lack of
understanding of multi-user machines. No offense intended.

I've been a Unix admin for over ten years, and I like to think that I
know my way around pretty well. But I do not and will NEVER log in to a
machine as root to do work. I am the only user of my MacOS X laptop and
home Linux boxes, and I still have my own personal login on all of
them. What's at issue is not ownership or trust, but one of
accountability and safety.

Any OS worth its weight in silicon will make a distinction between
blessed and unblessed users. It can be phrased in different ways --
root vs. non-root, admin vs. non-admin. But no one should EVER log in
to a machine as root. Period. (1)

Multi-user/modern operating systems exist precisely to destroy the fatal
flaw that you are attempting to reintroduce. Users should have reduced
privileges during normal use, and conditional privilege on demand. Safe
from User Error and no less functional on GUI-based systems.

People keep saying this, but I'll say it again. This can easily be done
in user-space. This HAS been done. Many times. Well. It's possible
to put a user in privileged mode automatically, but I'm not convinced
that an extra prompt to go into privileged mode is a bad thing from a
usability standpoint.

So it doesn't need to be in the kernel. And why put it there if it
doesn't need to be? Even if it's off by default, it's bloat. And
dangerous, conceptually flawed bloat that can't be disabled with
'chkconfig' or 'rpm -e'. And how many people will use it? And should
the kernel group allow them to from an out-of-box kernel? As I
understand it, part of the responsibility of the maintainers is to
maintain a conceptually focused kernel. There's nothing preventing you
from distributing your patch, but inserting this into "the" kernel seems
unacceptable IMVHO.

I think we understand the "why" of your patch, but I think you need to
elucidate further on how the ends justify the means.

Sorry to kick a dead horse,
--
Ken.
brownfld@irridia.com

(1) Except for gnarly testbed/admin machines, etc. etc.