[Dev] [Multiuser] System User ID Policy for the Daemon Processes

José Bollo jose.bollo at open.eurogiciel.org
Fri Apr 4 10:26:15 GMT 2014


On mer, 2014-04-02 at 01:53 +0000, 이동선 wrote:
> Hi all,
> 
> We distributed the security policy proposal in the multi-user environment before.
> And we are developing the detailed user id policy for the not user oriented daemon processes.
> 
> We proposed it as below in the earlier security policy proposal.
>   [User ID of Daemon Processes]
>     - If performing service is not user oriented, it can be launched as special user ID
>         i.e) telephony, location, system
>     - User oriented service can be launched as logged in user ID
>         i.e) email, messaging, account, contacts, pims
>     - Decision can be made case by case
> 
> We considered "one system user per not-user oriented daemon" before, but we thought it's too difficult to manage.
> We also considered "one system user (not root) for all not user oriented daemons", and there is still the concern for the security.

I usually share the same statements.

> How can we assign the system user id properly (secure and easy to manage)?
> Do you have any idea about the system user policy?
> 
> How about "one system user per domain(system, multimedia, telephony,...)"?

IMHO that's the good way.

For Tizen Common, we are currently defining the user and group 'display'
for implementing multi-user wayland/weston (daemon runs as id display
and . It will be proposed soon.

> I'll be happy to hear any feedback.

Done ;)

Best regards
José

> 
> 
> Best Regards,
> Dongsun Lee