[openbeos] Re: Singleuser vs Multiuser

  • From: "Michael Phipps" <mphipps1@xxxxxxxxxxxxxxxx>
  • To: openbeos@xxxxxxxxxxxxx
  • Date: Wed, 12 Dec 2001 20:48:48 -0500

>On Wed, 12 Dec 2001, Michael Phipps wrote:
>> The question is more of priority and preference.
>I know I've been very silent lately (a project and a deadline to go with
>it at work has kept me from anything but reading here), but now I'm
>starting to gear up again.

I understand that! :-) Those silly paying jobs keep getting in the way of my 
real work. :-)

>This singleuser vs multiuser topic confirms my feelings that there are
>some deeper ideological differences here. Coming from a UNIX background I 
>can't imagine an OS which doesn't always assume there's multiple users and 
>they are protected from each other.
>Now, BeOS doesn't enforce this, but it seems that the data structures are in 
>place, so it would not be impossible to make BeOS multiuser.

I, too, come from a Unix background. I use my NT box at work to telnet into 
Slowlaris and use vim and makefiles all day long. :-) BeOS not only does not 
enforce multi-user, but pretty much specifically excludes it in many ways. Take 
my previous example - clone_area(). This is a *huge* no-no in a secure system. 
There are many such cases where security is a huge issue. Accelerants are 
another. These are not implementation details or bugs, but *design* issues. 
BeOS was not designed to be a secure box that prevents intentional tampering. 
It makes accidental cross-app failures hard to create. It does a very nice job 
of being super stable. But a user who is malicious can easily exploit known 
issues in the OS to "break in". 

Impossible? No. In software, nearly everything is possible. Whether everything 
is a good idea, though, is another question.

>I think however, that since we are rewriting the OS, it would be a mistake not 
>to prepare for a true multiuser OS from the start. Not that it should be fully 
>implemented and functional from R1, but we have to want and aim towards a true 
>multiuser OS.

No one has given me a really good reason as to why, though. Not that I am the 
ultimate arbiter of such things, but (and when people asked Be for this, I 
asked the same thing), why? If I want a box people can telnet into, FreeBSD is 
a much better choice. Unless we wanted something like Windows Terminal Server 
(which has some very serious possibilities), then I fail to see why someone 
might want this.

>The ability to have processes (oh, sorry... teams :) ) running with different 
>privileges is essential to have a secure system. Security is becoming more and 
>more important for home users... and no, it's not just about keeping all your 
>ports closed. Security holes in email clients and browsers can also compromise 
>a system and - if we only have a single root-user - not be prevented from 
>opening the ports which were supposed to be closed.

Ah. But there is the thing. A system that has a multi-user FS (BeFS already is) 
and decent login and home directory management would cure what I think you are 
indicating as a problem.

>We need a multiuser kernel and a multiuser FS.
