[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: About the login shell



On Tue, Aug 20, 2002 at 01:48:36AM +0200, Marcus Brinkmann wrote:
> 
> Well, if I have a guest, I can simply tell him to use the computer, without
> creating an account first.
> 
> Don't get me wrong either.  The login shell is far from perfect.  Much of
> the policy what is accessible from it (everything world readable by default?
> or by default nothing?) is undetermined.  The idea is to have a reasonable
> guest account with it.  This means that it gives the same access to it as a
> normal user account, or maybe less.  We don't know.

Do we have file permission bits for the unauthentificated user? I think
there wouldn't be any security problems if, say, we had files (except
/bin/login) with chmod 6440, 7550, etc. by default. Then an unauthentificated
user is, by default, completely useless and the admin can safely decide
what kind of permissions he/she wants to give out to guests.

> Compare this with the other popular operating system, where you don't have a
> login at all by default, you are just dropped into the one standard
> desktop.

such system that spawns rootshell directly is not really a good reference.. :)

-- 
Robert Millan

"5 years from now everyone will be running
free GNU on their 200 MIPS, 64M SPARCstation-5"

              Andrew S. Tanenbaum, 30 Jan 1992



Reply to: