[haiku-development] Re: GSoC project
- From: "François Revol" <revol@xxxxxxx>
- To: haiku-development@xxxxxxxxxxxxx
- Date: Thu, 08 Apr 2010 14:38:37 +0200 CEST
Le Thu, 8 Apr 2010 13:48:34 +0200, Andreas Färber a écrit :
>
> Am 08.04.2010 um 13:10 schrieb PulkoMandy:
>
> > 2010/4/8 Ingo Weinhold <ingo_weinhold@xxxxxx>:
> >> For administrative tasks that go beyond sudo'ing some program it
> > > is
> >> quite
> >> handy to be able to log in as root. Besides "sudo bash" is usually
> >> allowed
> >> anyway.
> >
> > That's right for an unix OS. They usually don't let root log in an
> > X
> > session, and I think we'd want to do the same. But I think this
> > needs
> > some thinking about which things are root-only and which are
> > allowed
> > to the user. I'm not sure the unix way is that perfect for a
> > desktop
> > OS like Haiku. Does multiuser necessarily implies having a root
> > account ? Is the Windows way (letting one or more users having
> > "administrator" privileges) better ? how does mac os X handle it ?
>
> Solaris has a concept of assigning certain priviledges to users, too.
> For instance, DTrace proviledges can be assigned as superuser once
> and
> then can be performed as the normal user, without special invocation.
> For other tasks there's the pfexec(1) command, but no idea where the
> differences to sudo are (which exists as well).
This is called capability based security. There is quite a lot of
research in this area I think. It might be an interesting way to
explore.
The logged in user would gain the needed capabilities to use
app_server, mount filesystems... on its Tracker & Deskbar and their
child processes.
François.
Other related posts:
