From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: <2de41cd20f02f45257f601735a0827c5@bellsouth.net> To: 9fans@9fans.net Date: Sun, 17 Oct 2010 18:58:10 -0400 From: blstuart@bellsouth.net In-Reply-To: <621112A569DAE948AD25CCDCF1C07533299A01@dolly.ntdom.cupdx> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] permissions Topicbox-Message-UUID: 68cadb62-ead6-11e9-9d60-3106f5b1d025 > servers out in our datacenter, which is a physically seperate > building down the street. While we have physical access if we > need it, generally speaking everything can be done remotely, > including rebooting a system, because the HMC manages it and > provides virtual serial consoles. Real world considerations do often outweigh philosophical ones. At Coraid, we also have a means of accessing serial consoles via the network, and for most machines, that's about all the access that's needed. >, but was thinking that since > Plan 9 doesn't recognize a root-equivalent user, the opportunity > is there to delegate permissions to any user (or group, ;) )such > that they should be able to perform root-like tasks as themselves. It's certainly possible. You could even implement a multi-level security mechanism defining some devices as more sensitive than others. It wouldn't be too hard to implement groups as we expect for the lib9p applications, by rewriting hasperm() and rebuilding the apps. For the in-kernel servers, it would be a somewhat bigger task to go through them all and see how each one deals with permissions. For those that fall back to port/dev.c, the current rules treat the group permissions as applying to eve. But again, in principle, that could be changed, though I'm not sure what might break doing so. Still, it might be an interesting experiment. > still... My point is that if one wants to open themselves up to > another avenue of attack (albeit carefully controlled) by allowing > such things to be done via network, they should be able to. So in > that sense, maybe drawterm'ing to hostowner is the appropriate answer... That's certainly the easiest solution :) > Again, thanks for your responses!! Always glad to help where I can. BLS