From owner-freebsd-hackers@freebsd.org Mon Feb 17 12:01:53 2020 Return-Path: Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id B170E257175 for ; Mon, 17 Feb 2020 12:01:53 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: from mail-oi1-f181.google.com (mail-oi1-f181.google.com [209.85.167.181]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48LjJc4Y80z451L for ; Mon, 17 Feb 2020 12:01:52 +0000 (UTC) (envelope-from mozolevsky@gmail.com) Received: by mail-oi1-f181.google.com with SMTP id d62so16387907oia.11 for ; Mon, 17 Feb 2020 04:01:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=k8T1ojxvDIZ6HrWvyPQJlH+XuTSotw1i4tiIdrFLFuI=; b=sBIbRx3fvGL7RtUcNdGs6e5gfEX81NGyUJ00NvXMzQZORnGICkxYITffjNuBWSikd0 odoSVur/NhFJtSx63Xs6LLgLDCvgus3dzzACgVpOHNwIw+DKGqonB/jlhCXNilP8hbrv m5mn79h5OE6iLMIqr3iY4PqVapxU8S28JyYnnWgpeOq7t2uSkThYlujXEwIt2fBJrZUH AI7apu04BCcUbvvA/YIW6XtSDkSfexRYBwlOqc4z7Z850PNm7mghrsOvEM/rYPD3h6br 2NdxSKOJJM3l3GDrrgZh6oC+5aDf3/Yasg+a1Skvpkd1n+l4cyIsYm6Y+7s990aRZIdZ zjIQ== X-Gm-Message-State: APjAAAXBLi2xh6Qoz6fQ4Uk9C5V7fXvxVZ3m0D9r88ZCtgUc/jqU1IGm ms5z/jOga177G+HEHQqf12GuUZNDJrwgoc4hTOc= X-Google-Smtp-Source: APXvYqwEwEX64shSoeTyFyZzfdCaaIVi64wGYY9r3b9XPtH6sENIxkxx1AP6o6kKjJ9n1xe+HOat8Gx8c5YZewKQstU= X-Received: by 2002:aca:48cd:: with SMTP id v196mr10045560oia.102.1581940910993; Mon, 17 Feb 2020 04:01:50 -0800 (PST) MIME-Version: 1.0 References: <661730512.20200217141432@mail.ru> In-Reply-To: <661730512.20200217141432@mail.ru> From: Igor Mozolevsky Date: Mon, 17 Feb 2020 12:01:14 +0000 Message-ID: Subject: Re: is there a future for user accounting (getpw* replacement) To: Anthony Pankov Cc: FreeBSD Hackers Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 48LjJc4Y80z451L X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of mozolevsky@gmail.com designates 209.85.167.181 as permitted sender) smtp.mailfrom=mozolevsky@gmail.com X-Spamd-Result: default: False [-3.05 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17:c]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org]; DMARC_NA(0.00)[hybrid-lab.co.uk]; MIME_TRACE(0.00)[0:+]; TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[181.167.85.209.list.dnswl.org : 127.0.5.0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; IP_SCORE(-1.05)[ip: (-0.54), ipnet: 209.85.128.0/17(-3.00), asn: 15169(-1.68), country: US(-0.05)]; FORGED_SENDER(0.30)[igor@hybrid-lab.co.uk,mozolevsky@gmail.com]; FREEMAIL_TO(0.00)[mail.ru]; RWL_MAILSPIKE_POSSIBLE(0.00)[181.167.85.209.rep.mailspike.net : 127.0.0.17]; R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US]; FROM_NEQ_ENVFROM(0.00)[igor@hybrid-lab.co.uk,mozolevsky@gmail.com]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Feb 2020 12:01:53 -0000 On Mon, 17 Feb 2020 at 11:15, Anthony Pankov via freebsd-hackers wrote: > > Greetings, > > I'm wondering has anybody any thoughts about user accounting > provided at the system level? > > It seems that getpw* doesn't suit the needs of application services. > All applications has some external/internal mechanism for storing and > retrieving user properties (settings, roles etc). Furthermore they > implement own security policy based on this mechanism. > > Mostly it is done via LDAP connection or internal store (as for database). > > It seems that all application developers will be more happy if OS will > have a few functions to do the things such as: > - list users of some type; > - get user properties specific to application; > - get user roles specific to application > -? > > Does anybody has thoughts about what OS must provide to keep > applications consistency and make developers happier? I think it's dangerous to conflate *application* users with *system* users, why would you want to do that in the first place? -- Igor M.