
Re: Login shell (was: Small Bug)



On Thu, Mar 16, 2000 at 07:47:47PM +0100, Niels Möller wrote:
> Norbert Nemec <nobbi@cheerful.com> writes:
> 
> > Great, that's the piece of information I was waiting for! Actually I do not
> > know any reason, why the login-shell was introduced at all! Why would you
> > allow any non-logged in user to execute any command but "login"?
> 
> Perhaps I (an ordinary user) would like to share some files in my home
> directory with the rest of the world? With the not-logged-in user
> concept, I can set the permissions appropriately, and anyone who wants
> the files can use the not-logged-in shell and get them. The
> alternative would be to set up something like a webserver, which is
> massive overkill and less convenient.

Make the files world-readable and have an anonymous guest-account on your
system - alas, you have exactly the same effect. Of course it is up to the
sysad, whether he wants to allow that. Just like a hurd-sysad may or may not
allow non-logged-in shell access.

> > Any user who has an account can simply log in and do whatever he
> > wants to do afterwards, and people who do not have accounts should
> > not be allowed to do anything! In case you really need anonymous
> > access, you can simply introduce a "guest" account on your machine,
> > just as it is done on many Linux machines already.
> 
> I don't follow you here. On Unix, you can't have a not-logged-in user,
> and you can choose whether or not to install a guest account. On HURD,
> you have the not-logged-in user, and you can choose whether or not to
> give that user shell access. In which way is the Unix way better?
> 
> I believe the HURD way even has a few advantages:
> 
> On Unix, to treat the guest specially (for instance, denying
> read-access to /etc/passwd), you would have to create a special group
> that all users except the guest user are members of, and I believe it
> will be quite messy to set up correctly. On HURD, you can simply set
> the appropriate bits, e.g. on /etc/passwd, to deny read access for
> guests.

OK, there is the alternative between introducing a more complex group system
or setting a fourth set of permission bits correctly for the whole system.
The non-logged-in permissions will have to be set by the package
maintainers, but if we really need that functionality offered by the default
Debian system, we could just as well make a more complex group system part
of the policy.

> Because a guest account is an ordinary user account, as far as the OS
> is concerned, the guest has an entry in /etc/passwd. By default, a
> user is allowed to change his or her passwd entry. You have to somehow
> disable this for the special guest user, otherwise, anyone logged in
> as guest could change the passwd or login shell on the guest account,
> causing trouble for other guests.

Using shadow passwords you already have that functionality.

> > For that reason, my suggestion would be, to drop the whole idea about the
> > login shell, and by that drop all the effort about the fourth permission set!
> > (Just think how long it will take, until all the tools are modified to
> > support that feature!)
> 
> I don't think it's that difficult. As far as I know, you need to modify
> chmod and ls and perhaps some other programs in the fileutils package.
> And you need to modify base packages with sensible defaults for the
> new bit. Am I missing something?

Yes: you will need to patch about every file manager that exists out there
that handles permissions in any way. mc, kfm, emacs, git, probably quite a
list of other programs.

The question is not whether the concept of the non-logged-in user has any
drawbacks - it simply is quite an overkill for something that can be handled
by the existing user/group system just as well, a lot easier and much more
flexible and compatible.

Ciao,
Nobbi

-- 
-- ______________________________________________________
-- JESUS CHRIST IS LORD!
--          To Him, even that machine here has to obey...
--
-- _________________________________Norbert "Nobbi" Nemec
-- Hindenburgstr. 44  ...  D-91054 Erlangen  ...  Germany
-- eMail: <nobbi@cheerful.com>   Tel: +49-(0)-9131-204180
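The two schemes argued about above, the Unix "group containing everyone except guest" and the Hurd fourth permission set for the not-logged-in user, as an added illustrative model that is not code from this thread or from the Hurd: the fourth set is modelled abstractly (not the real Hurd mode encoding), and the account, group and file names are constructed.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

R, W, X = 4, 2, 1  # rwx permission bits, as in a Unix mode

@dataclass(frozen=True)
class Inode:
    owner: str
    group: str
    user: int                      # rwx for the owner
    grp: int                       # rwx for members of `group`
    other: int                     # rwx for everyone else
    unknown: Optional[int] = None  # modelled Hurd fourth set for the not-logged-in user

@dataclass(frozen=True)
class Proc:
    uid: Optional[str]             # None models a Hurd process with no uid at all
    groups: FrozenSet[str] = frozenset()

def unix_allowed(f: Inode, p: Proc, want: int) -> bool:
    """Plain owner/group/other check; a guest is just an ordinary account."""
    if p.uid == f.owner:
        bits = f.user
    elif f.group in p.groups:
        bits = f.grp
    else:
        bits = f.other
    return bits & want == want

def hurd_allowed(f: Inode, p: Proc, want: int) -> bool:
    """Same check, but a process with no uid is judged by the fourth set (model)."""
    if p.uid is None:
        bits = f.other if f.unknown is None else f.unknown
        return bits & want == want
    return unix_allowed(f, p, want)

# Constructed sample setup. Unix side: every real account except guest is in
# group "users", so root:users 0640 on /etc/passwd hides it from guest only.
alice = Proc("alice", frozenset({"alice", "users"}))
guest = Proc("guest", frozenset({"guest"}))          # Unix guest account
nobody = Proc(None)                                   # Hurd not-logged-in user
passwd_unix = Inode("root", "users", R | W, R, 0)
passwd_hurd = Inode("root", "root", R | W, R, R, unknown=0)
shared = Inode("alice", "alice", R | W, R, R, unknown=R)  # alice shares with the world

def compare(want: int = R):
    """Return (unix, hurd) decisions: alice on passwd, guest on passwd, guest on shared."""
    return (
        (unix_allowed(passwd_unix, alice, want), unix_allowed(passwd_unix, guest, want),
         unix_allowed(shared, guest, want)),
        (hurd_allowed(passwd_hurd, alice, want), hurd_allowed(passwd_hurd, nobody, want),
         hurd_allowed(shared, nobody, want)),
    )
```

Both tuples come out identical, which is the point being argued: denying the anonymous user /etc/passwd while still letting it read a shared file needs no fourth bit set, only a group that the guest account is not a member of.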

