From mboxrd@z Thu Jan 1 00:00:00 1970 From: erik quanstrom Date: Mon, 12 Apr 2010 10:40:51 -0400 To: 9fans@9fans.net Message-ID: <8c05f41eb1f9a25d256bbe7caf738e82@kw.quanstro.net> In-Reply-To: References: <46914d2c-437d-406e-a928-123f4d09f9f7@u15g2000prd.googlegroups.com> <2a514b8f79dfb3434a836f743f936bb2@brasstown.quanstro.net> <9c9e4b12769a946cad1659bb2a83fe0c@coraid.com> MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] /sys/lib/newuser patch Topicbox-Message-UUID: ffca866c-ead5-11e9-9d60-3106f5b1d025 > 2010/4/12 hiro <23hiro@googlemail.com>: > > I have not the slightest idea about the complexity involved; And I > > think I misunderstand how much of plan9 is actually running in a > > sandbox. But what if we wanted to have a working security system for > > multiple users in 9vx. Would it be - or is it - possible? > > Yes, it is possible, but it probably requires writing something to use > PAM (or whatever authentication mechanism is set up) on the host > system. I have a few ideas for this. iirc, 9vx doesn't have devcap. the problem you're addressing can't be addressed well through #Z. unix systems act differently than plan 9 ones do. there are a host of locking, etc. questions that #Z doesn't handle either. it would be easier to use a plan 9 fs (ken fs, cwfs, fossil). then you wouldn't need to deal with unix authentication. - erik