9fans - fans of the OS Plan 9 from Bell Labs
From: Lucio De Re <lucio@proxima.alt.za>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] Authentication and "emu -d"
Date: Mon,  4 Jun 2001 12:36:29 +0200
Message-ID: <20010604123628.F26399@cackle.proxima.alt.za>
In-Reply-To: <20010604101017.9893F199D5@mail.cse.psu.edu>; from forsyth@caldo.demon.co.uk on Mon, Jun 04, 2001 at 11:06:18AM +0100

On Mon, Jun 04, 2001 at 11:06:18AM +0100, forsyth@caldo.demon.co.uk wrote:
> 
> no, not at all, that's easy to sort out.
> it's the authentication that worries me.

Silly me, I should have figured it out.

In other mail, you advised against using "emu" setuid(root).
Thinking aloud, this would require logging in to emu rather than
wm/logon so that emu could drop its rights as early as possible.
Another option might be to drop rights (to nobody, or thereabouts)
immediately, and regain them for the prompt (ugly, the user is
quite literally in Limbo <grin> in between, but emuinit.dis could
solve that), switching to the logged in user thereafter.

I believe this is possible with saved-ids (uglier and uglier) but
I'm hardly the expert.

How one does this in Plan 9 is not clear to me, but if Plan 9 does
not provide the facility (possibly only on compute servers), then
it's a serious shortcoming.

"emu -d" under Plan 9 is OK, as long as it can match the native
user space.  But that parallels the Unix model quite closely,
without the intrusion of "nobody/none" as a temporary measure
because of its background only operation.

To answer Digby Tarvin's question, then, Inferno (under Plan 9)
should be targeted for installation on a CPU server and effectively
provide only very limited services from workstations to potential
clients.  Under other OSs, parallel models of operations may apply
(beware of "System" and "Administrator" under WinNT (I think 2k is
the same) which are scary concepts).

Certainly, the concept of hosted users, in a distributed, hosted
processing environment, is a touch problematic, and that's clearly
an understatement.  Certainly it is unavoidable that the Inferno
user space has to be a subset of the host's, and in a heterogeneous
environment that's interesting at the very least (nightmarish would
be closer to the truth).

++L
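
The drop, regain and final switch sketched in the message above, written for a Unix host as an added example (not part of the original post and not Inferno's emu code). It assumes the program starts setuid root, and it uses the caller's real uid and gid as a stand-in for both "nobody" and the logged-in user.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Temporarily give up privilege: only the effective IDs change, so the
 * saved set-user-ID keeps the original value for regain_priv(). */
int drop_temp(uid_t uid, gid_t gid)
{
    if (setegid(gid) != 0) return -1;   /* group first, while still privileged */
    if (seteuid(uid) != 0) return -1;
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Regain the IDs the process started with (e.g. for the logon prompt). */
int regain_priv(uid_t orig_uid, gid_t orig_gid)
{
    if (seteuid(orig_uid) != 0) return -1;  /* user first: needed to change gid */
    if (setegid(orig_gid) != 0) return -1;
    return (geteuid() == orig_uid) ? 0 : -1;
}

/* Permanently become the target user: with effective UID 0, setgid()
 * and setuid() overwrite the real, effective and saved IDs together. */
int drop_permanent(uid_t uid, gid_t gid)
{
    /* Leaving root: replace root's supplementary groups as well. */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    /* The drop only counts if root can no longer be recovered. */
    if (uid != 0 && seteuid(0) == 0) return -1;
    return 0;
}

int main(void)
{
    uid_t start_uid = geteuid(), user = getuid();  /* setuid binary: euid 0, ruid = caller */
    gid_t start_gid = getegid(), group = getgid();
    if (drop_temp(user, group) != 0) { perror("drop_temp"); return 1; }
    if (regain_priv(start_uid, start_gid) != 0) { perror("regain_priv"); return 1; }
    /* ... authenticate here; a real logon would take uid/gid from that step ... */
    if (drop_permanent(user, group) != 0) { perror("drop_permanent"); return 1; }
    printf("running as uid=%d euid=%d\n", (int)getuid(), (int)geteuid());
    return 0;
}
```

Between drop_temp() and drop_permanent() the saved ID is still root, so any code that runs in that window can call seteuid(0) itself; the temporary drop limits accidents, not hostile code.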


