Date: Wed, 19 Feb 2020 10:58:17 +0300 From: Anthony Pankov <ap00@mail.ru> To: Igor Mozolevsky <igor@hybrid-lab.co.uk> Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org> Subject: Re: is there a future for user accounting (getpw* replacement) Message-ID: <77695285.20200219105817@mail.ru> In-Reply-To: <CADWvR2iU4Ua%2B8hDwYHm8DeL2%2BL9Ywf6JyOGdnzx3QA6-HY-8LA@mail.gmail.com> References: <661730512.20200217141432@mail.ru> <CADWvR2hG_gWYK=HZsDf5XRR%2BHq2%2B9c-KeUP3Cj0H4ZQOzRpPyw@mail.gmail.com> <419974027.20200217155651@mail.ru> <CADWvR2iU4Ua%2B8hDwYHm8DeL2%2BL9Ywf6JyOGdnzx3QA6-HY-8LA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Mon, 17 Feb 2020 at 12:56, Anthony Pankov wrote: > <snip> >> > I think it's dangerous to conflate *application* users with *system* >> > users, why would you want to do that in the first place? >> >> That is the question! >> >> First of all, I think there was no technical opportunity to conflate >> applications and system users at least because uid_t is 65535 max and >> lack of custom user properties. >> >> I can note some Cons for splitting *application* and *system* users: >> >> - users of one application is not a users of another application by >> design. Applications is hard to integrate (yes, there is ldap but...); > ... and SASL, and PAM (if you really have to)... and Federation (if > you really-really have to)... Why should the OS be "Application > Aware"? >> - each application has own accounting implementation which enlarge >> attack surface. Furthermore, application developers do not really want >> to implement any user accounting parts because it is far away from >> application functioning. As a result it usually implemented >> "somehow". > You speak of enlarging the attack surface, but that attack surface is > limited to the single application (or a badly designed collaboration > of several)! You do realise that if one were to have a universal > "user" awareness, then one compromised account exposes the whole > system?! The problem you describe seems to be the "lazy app > developers" who can't be bothered to do things properly and want to > palm off what is essentially the application logic down to the layer > below. >> - applications users are out of system control. There is a system >> users, application users, and daemons. It seems there is no >> chance to do the thing really right in mean of access control >> of entire system (OS +applications). > If the application users are out the system control, then application > users cannot interfere with the system, and that sounds like a very > sound design! ;-) I think it is greatly depends of system appliance. If we speak about *system* as of part of IT infrastructure that provides some technical service then I fully agree. Excess users is disadvantage and OS survival is equal to *system* survival. But if our deployment include applications human interact with then *system* concept goes wider. In this case OS survival is not equal to *system* survival. When users/orgs lost their data or facing *system* malfunction they don't care that underlining OS did survive and not compromised. I think that in wider *system* concept idea to bring to OS fine tuned users accounting that will be shared between applications have to be considered. -- Best regards, Anthony mailto:ap00@mail.ru
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?77695285.20200219105817>