
Re: creating virtual users



On 02/06/2014 07:54 PM, berenger.morel@neutralite.org wrote:
> The idea may seem, and probably is, quite strange.
> 
> But I have seen for now 2 uses for it (there probably are more than
> those ones).
> _ Building a DE which would be a complete IDE, even for command line
> users like me. Those of you who have written more than 500 lines of code
> know that there exist tools which re-implement most of the system's
> features, to provide to the user a unified environment dedicated to
> programming. Examples for a generic IDE[1]: text editing, file browsing,
> window management, project management, and a lot of other tasks. Some
> could say that even vim and emacs reimplement such things (do text
> editors need to implement window management? file locking? is it not their
> task to simply write text? I could go deeper there, but my ideas are
> anything but conventional so I won't. Flame wars are useless when you can't
> prove that your ideas are possible.). The problem being that, when a
> tool reimplements the environment's features, it does not integrate with the
> look and feel of the global environment, in a portable manner (yes, this
> assertion includes Windows. I said: portable.).
> _ now, I am reading documentation about TOR and TAIL[2] and am thinking
> that if it was possible to start programs with temporary virtual user or
> even system, it may make things a lot more simple to do secured[3] tasks.

[...]

> So, does anyone know if there exists a desktop-usable (Windows, Mac OS,
> Linux, Unix, and 'some'BSD are the only OSes that I've heard about which
> I can think to be usable) OS which allows a user to create a user, and
> if yes, which one and how?
> For example, when we run linux, we have a root user which is the creator
> of the system (uid=0 IIRC). He
> effectively creates a bootable system, and is the only one to have
> rights to create other users.
> If he gave to some of those users the rights to create other users, he
> needs to give them a total control on the system[4].
> This is a problem not only about creating users, and so home environment
> (sub-users) dedicated to some applications, but also about installing
> (non-system-wide-)software as a simple user, or installing a printer or
> even shutting down the computer (when you have physical access to it,
> indeed. linux is so server-centered that common sense is very often
> forgotten when you use it as a laptop system. I accept those limitations
> happily when I see the system customization it gave me, however.). This
> problem led some of us to build tools like dbus, for example. But I
> think this is only a "simple" workaround and that working around a problem
> simply makes things worse and worse.
> 
> There is currently no way, in any OS, at least that I've heard about, to
> have such a "rights'tree", something which would allow any user to
> create other users which would only have at maximum their parent's rights.
> 
> I guess that it would be complex to make such kind of recursive right
> system, but I still do not understand the reasons about why it would be
> complex.

I do not think it is all too complex. Using the very advanced user
permission management systems available (sorry, I do not know any more
about it) it should be possible to create such structures -- it would
then be possible to write an application (possibly employing sudo to be
able to dynamically create users) to create users using a specific set
of rules.

> I may seem... hum... pretentious and/or naive... but I wonder if it
> would be possible to build something like a virtual ring[5] system. Or I
> should say a bubble system, since in the (probably stupid, since I am
> not at all a security guy) idea I have, every user would be able to
> create users with less rights than they have.
> So:
> _root:
>   _foo
>     _foo_app1
>     _foo_app2
>   _bar
>     _bar_app1
>     _bar_app2
>       _bar_app2_app1
> Would be possible. In this hypothetical structure, all root's children
> would be able to use root's tools[6], all bar's children would be able
> to use bar's tools.

Sounds interesting. You could do that with nested virtualization. It is
possible to start a virtual machine as "linux-fan" containing other
virtual machines etc. I am sure there are some more "lightweight"
approaches but that would be my first idea. Communication between the
virtual machines could go through virtual network interfaces and
switches all of which is possible with existing technology.

> 1: I've got some very strange ideas about building enough tools to
> transform a normal DE into an IDE for OOP programmers, but since I still
> have nothing to show I won't speak more about it... I would not be
> considered as stupid as I am ;) so I'll try to realize bases myself
> before.

Once you have something to show, I would be interested to read of it!

HTH
Linux-Fan

-- 
http://masysma.ohost.de/
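
Added example, not part of either poster's message: a small Python model of the "rights tree" discussed above, showing the rule set a sudo-wrapped user-creation helper could enforce so that a sub-user never holds more than its parent. The user names come from the tree in the thread; the right names (`create_user`, `printer`, and so on) and the class itself are hypothetical, and nothing here touches real system accounts.

```python
class DelegationError(Exception):
    """Raised when a requested sub-user would violate the tree's rules."""


class RightsTree:
    def __init__(self, root_rights):
        # name -> (parent name or None, frozenset of rights); right names are hypothetical
        self.users = {"root": (None, frozenset(root_rights))}

    def create(self, creator, name, rights):
        """Create `name` as a child of `creator`, holding at most creator's rights."""
        if creator not in self.users:
            raise DelegationError(f"unknown creator {creator!r}")
        if name in self.users:
            raise DelegationError(f"{name!r} already exists")
        held = self.users[creator][1]
        if "create_user" not in held:
            raise DelegationError(f"{creator!r} may not create users")
        excess = frozenset(rights) - held
        if excess:  # the child asked for something the parent does not have
            raise DelegationError(f"{creator!r} cannot grant {sorted(excess)}")
        self.users[name] = (creator, frozenset(rights))

    def ancestors(self, name):
        """Return the chain of parents from `name` up to root."""
        chain = []
        parent = self.users[name][0]
        while parent is not None:
            chain.append(parent)
            parent = self.users[parent][0]
        return chain

    def rights(self, name):
        return self.users[name][1]


def build_thread_tree():
    """Rebuild the tree sketched in the thread with constructed right sets."""
    tree = RightsTree({"create_user", "install_software", "printer", "shutdown", "network"})
    tree.create("root", "foo", {"create_user", "install_software", "network"})
    tree.create("foo", "foo_app1", {"network"})
    tree.create("foo", "foo_app2", {"install_software"})
    tree.create("root", "bar", {"create_user", "printer"})
    tree.create("bar", "bar_app1", {"printer"})
    tree.create("bar", "bar_app2", {"create_user", "printer"})
    tree.create("bar_app2", "bar_app2_app1", {"printer"})
    return tree
```

Because every `create` call checks the request against the creator's own set, each user's rights are a subset of every ancestor's rights, however deep the tree grows.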
