From mboxrd@z Thu Jan  1 00:00:00 1970
Message-ID: <8859357829938d06bd512e70b6e23590@hamnavoe.com>
To: 9fans@9fans.net
From: Richard Miller <9fans@hamnavoe.com>
Date: Tue,  2 Dec 2014 09:50:21 +0000
In-Reply-To: <547D3967.2020200@gr13.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] Factotum vs SASL
Topicbox-Message-UUID: 31e360da-ead9-11e9-9d60-3106f5b1d025

> To mimic the usual Unix behaviour, I would need some getty/login-alike
> program, which asks for login credentials and then starts up things
> like shell or gui (some window-manager-/DE-alike program) as the
> corresponding, which then is _not_ the hostowner.

For this sort of functionality the computer needs to be running as
a plan 9 cpu server, not a terminal in which by definition hostowner
controls everything.

Somewhere in /contrib there is a patch which makes a few changes to
the cpu kernel to allow a login on the console by a user different
from hostowner, who then becomes termowner with permissions over
some but not all of the local hardware (eg keyboard and mouse but
not disk).  It's not hard to do.  But it's only pretend security
if the user has physical access to the machine.

The "plan 9 way" is to keep the cpu server in a locked box and
get another computer to be a terminal.  A raspberry pi doesn't
cost much.