Re: About the login shell
On Tue, Aug 20, 2002 at 01:48:36AM +0200, Marcus Brinkmann wrote:
>
> Well, if I have a guest, I can simply tell him to use the computer, without
> creating an account first.
>
> Don't get me wrong either. The login shell is far from perfect. Much of
> the policy what is accessible from it (everything world readable by default?
> or by default nothing?) is undetermined. The idea is to have a reasonable
> guest account with it. This means that it gives the same access to it as a
> normal user account, or maybe less. We don't know.
Do we have file permission bits for the unauthentificated user? I think
there wouldn't be any security problems if, say, we had files (except
/bin/login) with chmod 6440, 7550, etc. by default. Then an unauthentificated
user is, by default, completely useless and the admin can safely decide
what kind of permissions he/she wants to give out to guests.
> Compare this with the other popular operating system, where you don't have a
> login at all by default, you are just dropped into the one standard
> desktop.
such system that spawns rootshell directly is not really a good reference.. :)
--
Robert Millan
"5 years from now everyone will be running
free GNU on their 200 MIPS, 64M SPARCstation-5"
Andrew S. Tanenbaum, 30 Jan 1992
Reply to: