From: Helge Hafting <helgehaf@idb.hist.no>
To: imel96@trustix.co.id
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Single user linux
Date: Wed, 25 Apr 2001 09:57:27 +0200 [thread overview]
Message-ID: <3AE68367.FF945378@idb.hist.no> (raw)
In-Reply-To: <Pine.LNX.4.33.0104242029140.16230-100000@tessy.trustix.co.id>
imel96@trustix.co.id wrote:
> thank you very much fyi.
> if just you tried to understand it a little further:
> i didn't change all uid/gid to 0!
>
> why? so with that radical patch, users will still have
> uid/gid so programs know the user's profile.
>
> if everyone had 0/0 uid/gid, pine will open /var/spool/mail/root,
> etc.
So you want multi-user to distinguish users, but no login sequence
with typing of passwords & username.
You can have all that without changing the kernel!
Linux distributions runs things like login and getty by default,
but you don't have to do that.
If you run linux on a device not perceived as a computer,
consider this:
1. Run whatever daemons you need as root or under daemon usernames,
depending on what privileges they need.
2. Run the user interface program (X or whatever) as a user,
not root. No, they don't need a password for that. Just
start it from inittab, with a wrapper program that su's to the
appropriate user without asking for passwords.
3. If the user really need root for anything, such as changing
device configuration, use a suid configuration program. No
password needed with that approach. You probably want
a configuration program anyway as your "dumb" users probably
don't know how to edit files in /etc anyway. Making
it suid is no extra work.
Now you have both the security of linux and the ease of use of a
password-less system. Part of linux stability comes from the
fact that ordinary users cannot do anything. Crashing the
machine is easy as root, but an appliance user don't need
to be root for normal use. And the special cases which need
it can be handled by suid programs that cannot do "anything",
just the purpose they are written for.
Linux is very configurable even without patching the kernel.
A general rule is that no kernel patches is accepted for
problems that are easily solvable with simple programs.
Helge Hafting
next prev parent reply other threads:[~2001-04-25 7:58 UTC|newest]
Thread overview: 121+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <Pine.LNX.4.33.0103181407520.1426-100000@mikeg.weiden.de>
2001-03-18 14:43 ` changing mm->mmap_sem (was: Re: system call for process information?) Rik van Riel
2001-03-18 18:13 ` Linus Torvalds
2001-04-24 11:44 ` [PATCH] Single user linux imel96
2001-04-24 12:04 ` Alexander Viro
2001-04-24 12:44 ` imel96
2001-04-24 12:58 ` Daniel Stone
2001-04-24 13:27 ` imel96
2001-04-24 13:38 ` Daniel Stone
2001-04-24 14:04 ` problem found (was Re: [PATCH] Single user linux) imel96
2001-04-24 14:06 ` Daniel Stone
2001-04-24 14:47 ` Xavier Bestel
2001-04-25 18:13 ` Paul Jakma
2001-04-25 0:01 ` [PATCH] Single user linux Aaron Lehmann
2001-04-25 0:07 ` Daniel Stone
2001-04-25 0:16 ` Alan Cox
2001-04-25 0:34 ` Daniel Stone
2001-04-25 0:52 ` Gerhard Mack
2001-04-25 7:46 ` Ronald Bultje
2001-04-25 14:17 ` Disconnect
2001-04-27 20:06 ` Jim Gettys
2001-04-26 19:41 ` Pavel Machek
2001-04-27 19:00 ` Erik Mouw
2001-04-27 13:12 ` Robert Varga
2001-04-27 12:42 ` [OT] linux on pda was " Collectively Unconscious
2001-04-27 19:05 ` Erik Mouw
2001-04-27 13:34 ` Daniel Stone
2001-04-25 0:20 ` Aaron Lehmann
2001-04-25 0:32 ` Daniel Stone
2001-04-25 0:35 ` Aaron Lehmann
2001-04-25 0:43 ` Daniel Stone
2001-04-25 7:45 ` Alan Cox
2001-04-25 7:55 ` Daniel Stone
2001-04-25 15:07 ` Jonathan Lundell
2001-04-25 14:42 ` Jordan Crouse
2001-04-26 19:47 ` Pavel Machek
2001-04-25 1:12 ` Disconnect
2001-04-25 0:26 ` Jonathan Lundell
2001-04-25 7:13 ` Mike A. Harris
2001-04-26 19:54 ` agenda & vtech helio [was Re: [PATCH] Single user linux] Pavel Machek
2001-04-25 7:04 ` [PATCH] Single user linux Mike A. Harris
2001-04-26 19:35 ` Pavel Machek
2001-04-27 14:26 ` Daniel Stone
2001-04-24 13:40 ` Mohammad A. Haque
2001-04-25 5:29 ` Ben Ford
2001-04-24 12:59 ` Alexander Viro
2001-04-24 13:02 ` Sean Hunter
2001-04-24 13:03 ` Roland Seuhs
2001-04-24 13:50 ` Mike A. Harris
2001-04-24 13:13 ` Richard B. Johnson
2001-04-24 13:37 ` imel96
2001-04-25 7:57 ` Helge Hafting [this message]
2001-04-25 10:42 ` Albert D. Cahalan
2001-04-24 14:03 ` Alan Cox
2001-04-24 14:10 ` imel96
2001-04-24 14:27 ` Mike A. Harris
2001-04-24 14:30 ` Alan Cox
2001-04-24 15:07 ` Jeremy Jackson
2001-04-24 17:43 ` Russell King
2001-04-24 18:37 ` Garett Spencley
2001-04-24 12:51 ` Mohammad A. Haque
2001-04-24 13:07 ` Alexander Viro
2001-04-24 12:52 ` [OFFTOPIC] " Mike A. Harris
2001-04-24 13:18 ` Tomas Telensky
2001-04-24 13:34 ` Mohammad A. Haque
2001-04-24 13:40 ` Alexander Viro
2001-04-24 14:18 ` Alan Cox
2001-04-24 14:22 ` Alexander Viro
2001-04-24 14:37 ` Alan Cox
2001-04-24 14:41 ` Alexander Viro
2001-04-24 14:47 ` CaT
2001-04-24 14:59 ` Alan Cox
2001-04-24 15:11 ` CaT
2001-04-24 15:53 ` Alan Cox
2001-04-24 16:04 ` Alex Riesen
2001-04-24 17:02 ` Jesse Pollard
2001-04-24 17:16 ` Alan Cox
2001-04-24 17:30 ` Markus Schaber
2001-04-24 14:30 ` Gábor Lénárt
2001-04-24 14:49 ` Pjotr Kourzanoff
2001-04-24 14:56 ` Gábor Lénárt
2001-04-24 14:59 ` CaT
2001-04-24 15:17 ` Pjotr Kourzanoff
2001-04-24 14:50 ` Gerhard Mack
2001-04-24 15:00 ` Alan Cox
2001-04-24 13:37 ` Alexander Viro
2001-04-24 13:52 ` Tomas Telensky
2001-04-24 14:07 ` Alexander Viro
2001-04-24 19:03 ` David Gómez
2001-04-25 5:26 ` Ben Ford
2001-04-24 17:55 ` J Sloan
2001-04-24 17:06 ` Stephen Satchell
2001-04-24 16:55 Torrey Hoffman
[not found] <988158045.12859@whiskey.enposte.net>
2001-04-25 0:48 ` Stuart Lynne
-- strict thread matches above, loose matches on Subject: below --
2001-04-25 12:04 imel96
2001-04-25 13:00 ` Leonid Mamtchenkov
2001-04-25 13:07 ` Gerhard Mack
2001-04-25 21:30 ` John Cavan
2001-04-26 12:11 ` imel96
2001-04-26 12:24 ` David Weinehall
2001-04-26 12:36 ` Mohammad A. Haque
2001-04-26 12:33 ` Mohammad A. Haque
2001-04-26 12:34 ` Rasmus Bøg Hansen
2001-04-26 14:03 ` imel96
2001-04-26 17:00 ` Ken Brownfield
2001-04-26 17:22 ` Ian Stirling
2001-04-26 19:40 ` Mohammad A. Haque
2001-04-26 20:18 ` Ian Stirling
2001-04-26 20:47 ` Rasmus Bøg Hansen
2001-04-27 7:08 ` Albert D. Cahalan
2001-04-26 17:16 ` Stephen Satchell
2001-04-26 18:11 ` John Cavan
2001-04-27 9:30 ` imel96
2001-04-25 13:41 ` Mohammad A. Haque
2001-04-26 9:46 ` Helge Hafting
2001-04-26 11:31 ` imel96
2001-04-26 13:47 ` Ronald Bultje
2001-04-27 9:31 ` Helge Hafting
2001-04-27 13:45 ` Mohammad A. Haque
2001-04-25 18:34 Rick Hohensee
2001-04-25 20:12 ` Markus Schaber
2001-04-25 20:58 Jesse Pollard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3AE68367.FF945378@idb.hist.no \
--to=helgehaf@idb.hist.no \
--cc=imel96@trustix.co.id \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox