From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] Factotum vs SASL
Date: Sat, 29 Nov 2014 13:23:44 -0800
Message-ID: <7fed26ea40724d100df8e86bb79b0a32@lilly.quanstro.net>
In-Reply-To: <547A388C.2030006@gr13.net>

> In my scenario, I'm (more precisely: the account I'm using) not the
> hostowner, just a plain user (in Unix terms: non-root). But that
> account has the special privileges of controlling the network
> connections. Other accounts may only choose from a predefined list
> of connections.

if you've logged into a plan 9 terminal, then you *are* the hostowner.
this is a non-problem.

"in Unix terms" doesn't work here. root != hostowner. they are very
different concepts.

> The network itself is controlled by some separate service (eg. network
> manager - which eg. comes quite handy for travelers, etc). Now we need
> to decide which accounts may control it or just see some status.

again, this is not how a plan 9 box would work. when you log into the
machine, you own all the h/w. you can do what you want.

> A traditional unix/linux approach (for local-only) would be handling
> that via groups and file permissions for the command sockets. The
> decision then would be done on login time, as the uids and gids are
> set here.

again, ...

> For a plan9-alike approach, I could imagine something where the
> factotums handle everything, so the service finally just sees a
> pseudo-user or role, and the host-factotum does the translation,
> based on some table (similar to /etc/group). For the network-manager
> example, there could be roles like "network-admin", "network-ctrl",
> "network-stat". Maybe we could even extend the factotum protocol,
> so it directly supports roles.

no factotum need apply. :-)

- erik