From owner-freebsd-hackers@freebsd.org  Wed Feb 19 12:39:36 2020
Return-Path: <owner-freebsd-hackers@freebsd.org>
Delivered-To: freebsd-hackers@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 22B20238E8C
 for <freebsd-hackers@mailman.nyi.freebsd.org>;
 Wed, 19 Feb 2020 12:39:36 +0000 (UTC)
 (envelope-from mozolevsky@gmail.com)
Received: from mail-oi1-f174.google.com (mail-oi1-f174.google.com
 [209.85.167.174])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 48My3B42Zcz4Yk0
 for <freebsd-hackers@freebsd.org>; Wed, 19 Feb 2020 12:39:34 +0000 (UTC)
 (envelope-from mozolevsky@gmail.com)
Received: by mail-oi1-f174.google.com with SMTP id p125so23612923oif.10
 for <freebsd-hackers@freebsd.org>; Wed, 19 Feb 2020 04:39:34 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=TM2ujgRky5+ul2qLbB8pkFWc/PhTka/XQISgGJuKtZE=;
 b=CCCUgbndtx7oUOuyz9Kmbgv2QKZ8tXxFcfDgXMCaYpdw2y/szWhZheoeGivDNu0ICG
 +oYWgjLRjYl1kHAMHocloFby8QjpggHoL/ST6yC7yHl9lRmHSlkzc/od3TSQg84vCc8G
 A5Dp/hADFVEvmeDf/4Cz88c4fObm7wE46cZlWNFL3rAwq3CmeGONqBHYmO9KBBOJBeyX
 AMQNFzPBEGLLOF3V40pphRtVC+JKr/LqrYnfgxq0aFlSFj9zLPjdDwO/DtmJyXZn8Kp4
 VudtRVEpa/+X3Dr9AojPgz+TBIx7+uMwBwUye/c0mxColszQQ7qFiQaZpyE6o0Xepyw3
 UsVg==
X-Gm-Message-State: APjAAAXe6bs2LFEoBhpLyZhIlaEpJJwb6JWynr4DFy4lmWgNiGuQnNTb
 G3khJdx+xMPP4Qy83WFO8CAEVTeRxsVjOB9Uz5H/lg==
X-Google-Smtp-Source: APXvYqyN0VMSTe1SOx0024FeuqTDYxwtBtXQP8/pL9vAt08JtmMGhWhBvIVyPRyTj/NrqAbbRuen6JtzQKTdOBuPca8=
X-Received: by 2002:aca:d5d3:: with SMTP id m202mr4257327oig.161.1582115973194; 
 Wed, 19 Feb 2020 04:39:33 -0800 (PST)
MIME-Version: 1.0
References: <661730512.20200217141432@mail.ru>
 <CADWvR2hG_gWYK=HZsDf5XRR+Hq2+9c-KeUP3Cj0H4ZQOzRpPyw@mail.gmail.com>
 <419974027.20200217155651@mail.ru>
 <CADWvR2iU4Ua+8hDwYHm8DeL2+L9Ywf6JyOGdnzx3QA6-HY-8LA@mail.gmail.com>
 <77695285.20200219105817@mail.ru>
In-Reply-To: <77695285.20200219105817@mail.ru>
From: Igor Mozolevsky <igor@hybrid-lab.co.uk>
Date: Wed, 19 Feb 2020 12:38:57 +0000
Message-ID: <CADWvR2iHf8okb1AqERCMTD-m0Ksf=6qqLQK6Zz1HaOcQq+fcaA@mail.gmail.com>
Subject: Re: is there a future for user accounting (getpw* replacement)
To: Anthony Pankov <ap00@mail.ru>
Cc: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Content-Type: text/plain; charset="UTF-8"
X-Rspamd-Queue-Id: 48My3B42Zcz4Yk0
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none;
 spf=pass (mx1.freebsd.org: domain of mozolevsky@gmail.com designates
 209.85.167.174 as permitted sender) smtp.mailfrom=mozolevsky@gmail.com
X-Spamd-Result: default: False [-3.05 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 R_SPF_ALLOW(-0.20)[+ip4:209.85.128.0/17:c];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-hackers@freebsd.org];
 DMARC_NA(0.00)[hybrid-lab.co.uk]; MIME_TRACE(0.00)[0:+];
 TO_DN_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2];
 RCVD_IN_DNSWL_NONE(0.00)[174.167.85.209.list.dnswl.org : 127.0.5.0];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 IP_SCORE(-1.05)[ip: (-0.55), ipnet: 209.85.128.0/17(-3.00), asn: 15169(-1.68),
 country: US(-0.05)]; 
 FORGED_SENDER(0.30)[igor@hybrid-lab.co.uk,mozolevsky@gmail.com];
 FREEMAIL_TO(0.00)[mail.ru];
 RWL_MAILSPIKE_POSSIBLE(0.00)[174.167.85.209.rep.mailspike.net : 127.0.0.17];
 R_DKIM_NA(0.00)[]; FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:209.85.128.0/17, country:US];
 FROM_NEQ_ENVFROM(0.00)[igor@hybrid-lab.co.uk,mozolevsky@gmail.com];
 RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
 <freebsd-hackers.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers/>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
 <mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 19 Feb 2020 12:39:36 -0000

On Wed, 19 Feb 2020 at 07:58, Anthony Pankov <ap00@mail.ru> wrote:

<snip>


> I  think  it is  greatly  depends of system appliance.  If we speak
> about   *system*   as  of part of IT infrastructure that provides some
> technical  service  then  I fully agree.  Excess users is disadvantage
> and OS survival is equal to *system* survival.
>
> But   if  our  deployment include applications human interact with
> then  *system*   concept  goes  wider. In this case OS survival is not
> equal  to *system* survival. When users/orgs lost their data or facing
> *system*   malfunction   they   don't  care  that  underlining  OS  did
> survive  and  not compromised.  I think that in wider *system* concept
> idea  to  bring to OS fine tuned users accounting that will be shared between
> applications have to be considered.


Well, a user might care if another user steals the former's data in a
misconfigured system by bypassing application admission control and
going straight to the OS! Like I said before, by the sound of it, what
you want is either RFC4422 (aka SASL), or PAM, if you really have to!


Best,

-- 
Igor M.