Re: Login shell (was: Small Bug)



Norbert Nemec <nobbi@cheerful.com> writes:

> Make the files world-readable and have an anonymous guest account on your
> system - alas, you have exactly the same effect.

Not if I want to have some files which I want to be readable by any of
the ordinary users, but not by guests. You could say that I have to
use something like ACLs to do that. But I think that guests are such
a special case that it is reasonable to let the system be aware of the
distinction between users and guests (more on this below).

> OK, there is the alternative between introducing a more complex group system
> or setting a fourth set of permission bits correctly for the whole system.
> The non-logged-in permissions will have to be set by the package
> maintainers, but if we really need that functionality offered by the default
> Debian system, we could just as well make a more complex group system part
> of the policy.

I think you will find that quite difficult. It would take a draft of
such a system to convince me otherwise.

> Yes: you will need to patch about every file manager that exists out there
> that handles permissions in any way. mc, kfm, emacs, git, probably quite a
> list of other programs.

Well, I don't see it as a big problem if just some of the file
managers know about the extra bits. It's quite important that tools
like find know about them, though. BTW, you have a similar situation
on systems with ACLs, but I don't think that causes any big problems.

> The question is not whether the concept of the non-logged-in user has any
> drawbacks - it simply is quite an overkill for something that can be handled
> by the existing user/group system just as well, a lot easier and much more
> flexible and compatible.

Ordinary users are individuals (or special system services) that are
*identified* by their user name or uid. So it is reasonable for tools
to assume that to be true for all users. The guest account violates
this principle, so whenever a tool makes this assumption, the guest
account becomes a security problem.

Do you know of any reasonably secure Unix system that has an enabled
guest account? I don't but perhaps I'm just ignorant. I believe it is
too much work to make a guest account secure to make it a serious
alternative.

/Niels
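The two mechanisms argued over above (plain user/group/other bits, under which a guest sits in the "other" class with everyone else, versus a per-user ACL entry that singles the guest out) can be modelled in a few lines. The block below is an added illustration, not code from this thread or from Debian; it implements the POSIX.1e ACL evaluation order (owner, named user, owning group and named groups, other, with the mask applied to the middle classes). The uid 65534 for "guest", the uid 1000 for an ordinary user, and the simplification of keeping the owning-group bits and the mask as separate fields are constructed assumptions for the example.

```python
"""Model of POSIX.1e-style access checking: mode bits plus optional ACL.

Added example for the guest-account discussion; it is not the mailing
list's code.  Assumptions: uids/gids are integers, uid 65534 stands for a
hypothetical "guest" account, uid 1000 for an ordinary user, and the
owning-group permissions and the ACL mask are stored as separate fields
(real implementations overload the group bits of st_mode for the mask).
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

R, W, X = 4, 2, 1          # classic rwx bit values

GUEST_UID = 65534          # constructed: the anonymous guest account
USER_UID = 1000            # constructed: an ordinary logged-in user


@dataclass
class File:
    owner: int
    group: int
    mode: int                                  # e.g. 0o644
    named_users: Dict[int, int] = field(default_factory=dict)   # uid -> rwx
    named_groups: Dict[int, int] = field(default_factory=dict)  # gid -> rwx
    mask: Optional[int] = None                 # None: no mask entry present


def owner_bits(mode: int) -> int:
    return (mode >> 6) & 7


def group_bits(mode: int) -> int:
    return (mode >> 3) & 7


def other_bits(mode: int) -> int:
    return mode & 7


def access(f: File, uid: int, gids: Set[int], want: int) -> bool:
    """True if a process with uid/gids holds every bit in `want`.

    Evaluation order follows POSIX.1e: the owner entry wins if the uid
    matches; then a named-user entry; then the owning group and any named
    groups (any matching entry that grants `want` suffices, and a match
    that does not grant it blocks the fall-through to "other"); finally
    the "other" bits.  The mask limits named users and all group entries.
    """
    mask = 7 if f.mask is None else f.mask
    if uid == f.owner:
        return want & owner_bits(f.mode) == want
    if uid in f.named_users:
        return want & f.named_users[uid] & mask == want
    matched_group = False
    if f.group in gids:
        matched_group = True
        if want & group_bits(f.mode) & mask == want:
            return True
    for gid, perms in f.named_groups.items():
        if gid in gids:
            matched_group = True
            if want & perms & mask == want:
                return True
    if matched_group:
        return False
    return want & other_bits(f.mode) == want


def world_readable_file() -> File:
    """Root-owned file with mode 0644: 'other' covers users and guest alike."""
    return File(owner=0, group=0, mode=0o644)


def guest_excluded_file() -> File:
    """Same file plus an ACL entry u:guest:--- (what `setfacl -m u:guest:---`
    would add); the mask is the union the ACL tools would compute."""
    return File(owner=0, group=0, mode=0o644,
                named_users={GUEST_UID: 0}, mask=7)


def demo() -> Dict[str, bool]:
    """Collect the read outcomes for an ordinary user and the guest."""
    plain, acl = world_readable_file(), guest_excluded_file()
    return {
        "plain_user_reads": access(plain, USER_UID, {USER_UID}, R),
        "plain_guest_reads": access(plain, GUEST_UID, {GUEST_UID}, R),
        "acl_user_reads": access(acl, USER_UID, {USER_UID}, R),
        "acl_guest_reads": access(acl, GUEST_UID, {GUEST_UID}, R),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

With mode bits alone the guest is indistinguishable from any other non-owner, which is the point Niels makes about files meant for ordinary users but not guests; the named-user entry is the only place in the classic model where a specific account can be carved out, and it has to be added file by file.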