
Re: Login shell (was: Small Bug)



Norbert Nemec <nobbi@cheerful.com> writes:

> Great, that's the piece of information I was waiting for! Actually I do not
> know any reason, why the login-shell was introduced at all! Why would you
> allow any non-logged in user to execute any command but "login"?

Perhaps I (an ordinary user) would like to share some files in my home
directory with the rest of the world? With the not-logged-in user
concept, I can set the permissions appropriately, and anyone who wants
the files can use the not-logged-in shell and get them. The
alternative would be to set up something like a webserver, which is
massive overkill and less convenient.

> Any user who has an account can simply log in and do whatever he
> wants to do afterwards, and people who do not have accounts should
> not be allowed to do anything! In case you really need anonymous
> access, you can simply introduce a "guest" account on your machine,
> just as it is done on many Linux machines already.

I don't follow you here. On Unix, you can't have a not-logged-in user,
and you can choose whether or not to install a guest account. On HURD,
you have the not-logged-in user, and you can choose whether or not to
give that user shell access. In which way is the Unix way better?

I believe the HURD way even has a few advantages:

On Unix, to treat the guest specially (for instance, denying
read-access to /etc/passwd), you would have to create a special group
that all users except the guest user are members of, and I believe it
will be quite messy to set up correctly. On HURD, you can simply set
the appropriate bits, e.g. on /etc/passwd, to deny read access for
guests.

Because a guest account is an ordinary user account, as far as the OS
is concerned, the guest has an entry in /etc/passwd. By default, a
user is allowed to change his or her passwd entry. You have to somehow
disable this for the special guest user, otherwise, anyone logged in
as guest could change the passwd or login shell on the guest account,
causing trouble for other guests.

> For that reason, my suggestion would be, to drop the whole idea about the
> login shell, and by that drop all the effort about the fourth permission set!
> (Just think how long it will take, until all the tools are modified to
> support that feature!)

I don't think it's that difficult. As far as I know, you need to modify
chmod and ls and perhaps some other programs in the fileutils package.
And you need to modify base packages with sensible defaults for the
new bit. Am I missing something?

/Niels

