Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Wed, 25 Apr 2001 03:58:53 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Wed, 25 Apr 2001 03:58:40 -0400 Received: from hermine.idb.hist.no ([158.38.50.15]:44296 "HELO hermine.idb.hist.no") by vger.kernel.org with SMTP id ; Wed, 25 Apr 2001 03:58:21 -0400 Message-ID: <3AE68367.FF945378@idb.hist.no> Date: Wed, 25 Apr 2001 09:57:27 +0200 From: Helge Hafting X-Mailer: Mozilla 4.76 [en] (X11; U; Linux 2.4.3 i686) X-Accept-Language: no, en MIME-Version: 1.0 To: imel96@trustix.co.id CC: linux-kernel@vger.kernel.org Subject: Re: [PATCH] Single user linux In-Reply-To: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org imel96@trustix.co.id wrote: > thank you very much fyi. > if just you tried to understand it a little further: > i didn't change all uid/gid to 0! > > why? so with that radical patch, users will still have > uid/gid so programs know the user's profile. > > if everyone had 0/0 uid/gid, pine will open /var/spool/mail/root, > etc. So you want multi-user to distinguish users, but no login sequence with typing of passwords & username. You can have all that without changing the kernel! Linux distributions runs things like login and getty by default, but you don't have to do that. If you run linux on a device not perceived as a computer, consider this: 1. Run whatever daemons you need as root or under daemon usernames, depending on what privileges they need. 2. Run the user interface program (X or whatever) as a user, not root. No, they don't need a password for that. Just start it from inittab, with a wrapper program that su's to the appropriate user without asking for passwords. 3. If the user really need root for anything, such as changing device configuration, use a suid configuration program. No password needed with that approach. You probably want a configuration program anyway as your "dumb" users probably don't know how to edit files in /etc anyway. Making it suid is no extra work. Now you have both the security of linux and the ease of use of a password-less system. Part of linux stability comes from the fact that ordinary users cannot do anything. Crashing the machine is easy as root, but an appliance user don't need to be root for normal use. And the special cases which need it can be handled by suid programs that cannot do "anything", just the purpose they are written for. Linux is very configurable even without patching the kernel. A general rule is that no kernel patches is accepted for problems that are easily solvable with simple programs. Helge Hafting - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/