On Mon, 23 Sep, 2002, Lamont Granquist wrote:
>> Maybe just replace all suser(9) uses with MAC credential checks, and
>> install MAC_UNIX by default, which would be set up to behave like
>> ye olden UNIX... Who knows.
>
>Something like that sounds like a really good idea. I'd like to see this
>not only for binding to low ports but also, for example, to set the system
>time -- this would let you run ntpd as non-root.
>
>It'd be interesting to have a system one day where once you've gone past
>single user mode, root drops all its privs and acts just like a normal
>user account and daemon accounts only have special privs handed out to
>them in little chunks.

This is starting to sound a bit too much like Plan9. Here is a very short
snippet on filesystem permissions from the document at:

http://plan9.bell-labs.com/wiki/plan9/KFS_file_system_configuration/index.html

[snip]
There is no super-user; the closest equivalent is the person who booted the
terminal (generically called Eve; Adm owns the file server). Most devices are
owned by Eve, and the local kernel will let Eve do most things commonly
associated with a super-user (for example, debug or kill processes she doesn't
own). Eve's power does not extend past the local machine, though, or even into
the kfs file system. The important difference is that the kfs file system is
being provided by a user process, which has its own permissions checking
separate from the kernel, and it does not care to let the hostowner have
special permissions directly.
[snip]

--
David P. Reese Jr.
[EMAIL PROTECTED]
--------------------------------------------------------------------------
C          You shoot yourself in the foot.
Assembler  You try to shoot yourself in the foot, only to discover you must
           first invent the gun, the bullet, the trigger, and your foot.
How to Shoot Yourself in the Foot <http://www.m5p.com/~pravn/foot.html>