
creating virtual users



The idea may seem, and probably is, quite strange.

But I have seen for now 2 uses for it (there are probably more than those).

_ Building a DE which would be a complete IDE, even for command-line users like me. Those of you who have written more than 500 lines of code know that there exist tools which re-implement most of the system's features, to provide the user with a unified environment dedicated to programming. Examples for a generic IDE[1]: text editing, file browsing, window management, project management, and a lot of other tasks. Some could say that even vim and emacs reimplement such things (do text editors need to implement window management? file locking? is it not their task to simply write text? I could go deeper there, but my ideas are anything but conventional so I won't. Flame wars are useless when you can't prove that your ideas are possible.). The problem being that, when a tool reimplements the environment's features, it does not integrate with the look and feel of the global environment in a portable manner (yes, this assertion includes Windows. I said: portable.).

_ Now, I am reading documentation about TOR and Tails[2] and am thinking that if it were possible to start programs with a temporary virtual user or even system, it might make things a lot simpler to do secured[3] tasks.

For now, I only had my 1st idea in mind, which is not very important, but my current readings (about security and being anonymous when using a hotel's wifi connection) make me think that this issue may finally be an important one, which makes me need to learn the hows and whys (other things it made me think about: my laptop computer is absolutely not secured, and by not being hidden I prevent other people from being hidden, for example. And, yes, I think that being able to hide oneself is part of freedom, but the problems freedom may imply are not worse than the ones that the lack of freedom will prove. I am becoming more and more paranoid, it seems....)

So, does anyone know if there exists a desktop-usable (Windows, Mac OS, Linux, Unix, and 'some' BSD are the only OSes I've heard about which I can think of as usable) OS which allows a user to create a user, and if yes, which one and how? For example, when we run Linux, we have a root user which is the creator of the system (uid=0 IIRC). He effectively creates a bootable system, and is the only one to have the right to create other users. If he gave some of those users the right to create other users, he would need to give them total control of the system[4]. This is a problem not only about creating users, and so home environments (sub-users) dedicated to some applications, but also about installing (non-system-wide) software as a simple user, or installing a printer or even shutting down the computer (when you have physical access to it, indeed. Linux is so server-centered that common sense is very often forgotten when you use it as a laptop system. I accept those limitations happily when I see the system customization it gives me, however.). This problem led some of us to build tools like dbus, for example. But I think this is only a "simple" workaround and that working around a problem simply makes things worse and worse.

There is currently no way, in any OS, at least that I've heard about, to have such a "rights tree", something which would allow any user to create other users which would have at most their parent's rights.

I guess that it would be complex to make such a kind of recursive rights system, but I still do not understand the reasons why it would be complex. I may seem... hum... pretentious and/or naive... but I wonder if it would be possible to build something like a virtual ring[5] system. Or I should say a bubble system, since in the (probably stupid, since I am not at all a security guy) idea I have, every user would be able to create users with less rights than they have.
So:
_root:
  _foo
    _foo_app1
    _foo_app2
  _bar
    _bar_app1
    _bar_app2
      _bar_app2_app1
would be possible. In this hypothetical structure, all of root's children would be able to use root's tools[6], and all of bar's children would be able to use bar's tools.

Currently, with the little information I have about user management in Debian, I was able to simulate a virtual user's environment[1], which is not very hard. But it has a lot of security and functionality issues: for example, bar_app2_app1 would be able to delete files belonging to bar_app1, because for the kernel, it is the same thing. The only interest I had was that $HOME and $PATH could be changed independently[1]. It is ok for my first needs, since a programmer should be someone who is responsible for his own files, but it does not fix the problem in [2]. Also, using "$ aptitude install libfoo-dev" will go nowhere, when it should install libfoo-dev only for the current user... and so, only for the project the user currently works on.

Sorry for that long, unordered read, given that it will probably lead us nowhere...


1: I've got some very strange ideas about building enough tools to transform a normal DE into an IDE for OOP programmers, but since I still have nothing to show I won't speak more about it... I would not like to be considered as stupid as I am ;) so I'll try to build the bases myself first.

2: and an entry in Tails says something which is obvious, but that I was never able to see myself: programs in the same session can share information! With all the security problems that it can cause.

3: security means a lot of things to me. Making it impossible to identify the author of a document, by any means, is one of those. Being able to transmit something so that the receiver has an exact copy is another one. And a lot more. Here, I am speaking about a virtual temporary system and user. Being anonymous when you do not want to be known. Think of something like C++'s philosophy: you do not pay for something you did not explicitly say you want to pay for.

4: I am speaking about systems without sudo. sudo makes things much more complex, by giving a simple user the identity of root under certain circumstances only. But in the end, it's still root which does those actions, plus an automaton which logs some actions. Am I right?

5: this mail is probably very messy, but it is because I am trying to think about that at the same time as I am writing it, plus checking my wording to make it as close as possible to a hypothetical technical solution. Here is the kind of rings I am thinking about: https://en.wikipedia.org/wiki/Ring_%28computer_security%29

6: except the tools root decided not to share. This is valid for all of root's leaf users too. So, we have for each user a private tool library and a public one, with the public one being public only for its children... like in Object Oriented Programming with private and protected members (each object can use any protected member of its parent, in cascading style).
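The nested-user tree sketched above and the private/public tool libraries of footnote 6, written out as a small Python model (an added example, not the author's code; the right and tool names are hypothetical labels): a child may only hold a subset of its parent's rights, and a public tool is usable only downward, in its owner's subtree.

```python
# Toy model of the "bubble" user tree described in the post. Added example, not
# the author's code: rights and tool names here are hypothetical labels.
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class VUser:
    name: str
    rights: frozenset                      # what this virtual user may do
    parent: Optional["VUser"] = None
    public_tools: set = field(default_factory=set)   # "protected": visible to descendants
    private_tools: set = field(default_factory=set)  # owner only (footnote 6)
    children: dict = field(default_factory=dict)

    def create_child(self, name: str, rights) -> "VUser":
        """Create a sub-user. Rights can only be attenuated, never extended."""
        rights = frozenset(rights)
        extra = rights - self.rights
        if extra:
            raise PermissionError(f"{self.name} cannot grant {sorted(extra)}")
        child = VUser(name, rights, parent=self)
        self.children[name] = child
        return child

    def ancestors(self):
        """Walk up the tree: parent, grandparent, ... up to root."""
        u = self.parent
        while u is not None:
            yield u
            u = u.parent

    def can_use_tool(self, owner: "VUser", tool: str) -> bool:
        """A tool is usable by its owner, and by the owner's descendants if public."""
        if owner is self:
            return tool in self.public_tools | self.private_tools
        return any(owner is a for a in self.ancestors()) and tool in owner.public_tools


def build_example_tree():
    """The tree from the post: root -> foo, bar; bar -> bar_app2 -> bar_app2_app1."""
    root = VUser("root", frozenset({"admin", "net", "write_home"}))
    root.public_tools |= {"gcc"}        # shared with every descendant
    root.private_tools |= {"fdisk"}     # root keeps this one for itself
    foo = root.create_child("foo", {"net", "write_home"})
    bar = root.create_child("bar", {"net", "write_home"})
    bar.public_tools |= {"bar-tool"}    # visible to bar's subtree only
    bar_app2 = bar.create_child("bar_app2", {"write_home"})
    bar_app2_app1 = bar_app2.create_child("bar_app2_app1", {"write_home"})
    return root, foo, bar, bar_app2, bar_app2_app1
```

The model only captures the visibility and attenuation rules of the proposal; it says nothing about how a kernel would enforce them.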

