From: Anthony Martin
To: 9front@9front.org
Date: Fri, 22 Jan 2021 15:44:05 -0800
Subject: [9front] notes on user none

I remembered investigating the restrictions on user none in the past so I went and dug out my notes. They're only applicable to fossil and cwfs, though, so someone else will have to go through the hjfs code to compare.

The notes are attached below.

Cheers,
  Anthony

# from /sys/doc/9.ms

Finally, a special user called none has no password and is always allowed to connect; anyone may claim to be none. None has restricted permissions; for example, it is not allowed to examine dump files and can read only world-readable files.

# from /sys/doc/auth.ms

Factotum is the only process that needs to create capabilities, so all the network servers can run as untrusted users (e.g., Plan 9's none or Unix's nobody), which greatly reduces the harm done if a server is buggy and is compromised.

# kernel

- documented
    - anyone can become none with none(8)
- undocumented
    - eve can change the owner of proc(3) files to none
    - none cannot use proc(3) to view or modify the state of other processes
    - none cannot create shr(3) files on 9front

# cwfs(4) and fossil(4)

- documented
    - none cannot authenticate a connection
        - auth(5) with uname "none" returns Rerror
    - none can be chaperoned on authenticated connections
        - attach(5) with afid NOFID sets uname to "none"
    - none has minimal access permissions (i.e. "world" or "other")
    - users in the "noworld" group are denied world access permissions
- undocumented
    - none cannot be a group leader
        - wstat(5) is limited

# fossil(4)

- documented
    - none cannot attach to an unauthenticated connection
        - unless the -N flag is given to listen or srv
    - users not in the "write" group cannot modify the file system
        - unless the group doesn't exist
- undocumented
    - none cannot modify file status information
        - wstat(5) returns Rerror

# cwfs(4)

- documented
    - none *can* attach to an unauthenticated connection
        - unless the nonone flag is set on 9front (undocumented)
- undocumented
    - none cannot attach to the dump file system
        - attach(5) returns Rerror