9fans - fans of the OS Plan 9 from Bell Labs
From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] Factotum vs SASL
Date: Sat, 29 Nov 2014 13:23:44 -0800
Message-ID: <7fed26ea40724d100df8e86bb79b0a32@lilly.quanstro.net>
In-Reply-To: <547A388C.2030006@gr13.net>

> In my scenario, I'm (more precisely: the account I'm using) not the
> hostowner, just a plain user (in Unix terms: non-root). But that
> account has the special privileges of controlling the network
> connections. Other accounts may only choose from a predefined list
> of connections.

if you've logged into a plan 9 terminal, then you *are* the hostowner.
this is a non-problem.

"in Unix terms" doesn't work here.  root != hostowner.  they are very
different concepts.

> The network itself is controlled by some separate service (eg. network
> manager - which eg. comes quite handy for travelers, etc). Now we need
> to decide which accounts may control it or just see some status.

again, this is not how a plan 9 box would work.  when you log into the
machine, you own all the h/w.  you can do what you want.

> A traditional unix/linux approach (for local-only) would be handling
> that via groups and file permissions for the command sockets. The
> decision then would be done at login time, as the uids and gids are
> set here.

again, ...

> For a plan9-alike approach, I could imagine something where the
> factotums handle everything, so the service finally just sees a
> pseudo-user or role, and the host-factotum does the translation,
> based on some table (similar to /etc/group). For the network-manager
> example, there could be roles like "network-admin", "network-ctrl",
> "network-stat". Maybe we could even extend the factotum protocol,
> so it directly supports roles.

no factotum need apply.  :-)

- erik


