[Dev] [Multiuser] System User ID Policy for the Daemon Processes

이동선 ds73.lee at samsung.com
Wed Apr 2 01:53:53 GMT 2014


Hi all,

We distributed the security policy proposal in the multi-user environment before.
And we are developing the detailed user id policy for the not user oriented daemon processes.

We proposed about it as below in the earlier security policy proposal.
  [User ID of Daemon Processes]
    - If performing service is not user oriented, it can be launched as special user ID
        i.e) telephony, location, system
    - User oriented service can be launched as logged in user ID
        i.e) email, messaging, account, contacts, pims
    - Decision can be made case by case

We considered "one system user per not-user oriented daemon" before, but we thought it's too difficult to manage.
We also considered "one system user(not root) for all not user oriented daemons", and there is still the concern for the security.

How can we assign the system user id properly(Secure and Easy to manage)? 
Do you have any idea about the system user policy? 

How about "one system user per domain(system, multimedia, telephony,...)"?

It'll be happy to hear any feedback.


Best Regards,
Dongsun Lee


More information about the Dev mailing list