[Dev] [Multiuser] System User ID Policy for the Daemon Processes
jose.bollo at open.eurogiciel.org
Fri Apr 4 10:26:15 GMT 2014
On mer, 2014-04-02 at 01:53 +0000, 이동선 wrote:
> Hi all,
> We distributed the security policy proposal in the multi-user environment before.
> And we are developing the detailed user id policy for the not user oriented daemon processes.
> We proposed about it as below in the earlier security policy proposal.
> [User ID of Daemon Processes]
> - If performing service is not user oriented, it can be launched as special user ID
> i.e) telephony, location, system
> - User oriented service can be launched as logged in user ID
> i.e) email, messaging, account, contacts, pims
> - Decision can be made case by case
> We considered "one system user per not-user oriented daemon" before, but we thought it's too difficult to manage.
> We also considered "one system user(not root) for all not user oriented daemons", and there is still the concern for the security.
I usually share the same statements.
> How can we assign the system user id properly(Secure and Easy to manage)?
> Do you have any idea about the system user policy?
> How about "one system user per domain(system, multimedia, telephony,...)"?
IMHO that's the good way.
For tizen common, we are currently defining the user and group 'display'
for implementing multi-user wayland/weston (daemon runs as id display
and . It will be proposed soon.
> It'll be happy to hear any feedback.
> Best Regards,
> Dongsun Lee
> Dev mailing list
> Dev at lists.tizen.org
More information about the Dev