[Dev] [Multiuser] System User ID Policy for the Daemon Processes

이동선 ds73.lee at samsung.com
Mon Apr 7 08:13:20 GMT 2014

Hi, all.
I am Dongsun Lee working in Tizen security part at Samsung.

We are studying how to minimize the root processes in Tizen 3.0.
To do that, one of the things we need is a system user ID policy to replace the root user.

So I proposed the policy "one system user per domain" (refer to the mail below).
Even if only one man wrote the response mail, I think people agreed with it.
So I went further.

There is no daemon in some domains, so they don't need the system user.
And there may be more than two daemons in one domain.
In that case, one system user will be assigned for those daemons.
(If other system users are needed except the system users of domains,
it should be examined first by the security engineers before it is assigned.)

The following is an example of the system user assignment.
[Domain]                - [system user name]
System                  - system
Web Framework           - webfw
App Framework           - appfw
Base                    - base
Security                - security
Multimedia              - multimedia
Graphics & UI Framework - graphics
Networks & Connectivity - connectivity
Telephony               - telephony
Messaging               - messaging
Social & Content        - social
Location                - location
Platform Development    - platformdev
SDK                     - sdk
Automotive              - automotive
Application             - No User Assigned
Test APIs               - No User Assigned
(For domains, I referred to "https://wiki.tizen.org/wiki/Tizen_Platform_Architecture_Overview#Tizen_Domains").

Please examine this policy. I'll be happy to hear any feedback.
If there is no feedback, I will think there is no opposition to this policy.

Best Regards,
Dongsun Lee.

On Wed, 2014-04-02 at 01:53 +0000, 이동선 wrote:
> Hi all,
> We distributed the security policy proposal for the multi-user environment before.
> And we are developing the detailed user ID policy for the not user oriented daemon processes.
> We proposed it as below in the earlier security policy proposal.
>   [User ID of Daemon Processes]
>     - If performing service is not user oriented, it can be launched as special user ID
>         i.e) telephony, location, system
>     - User oriented service can be launched as logged in user ID
>         i.e) email, messaging, account, contacts, pims
>     - Decision can be made case by case
> We considered "one system user per not-user oriented daemon" before, but we thought it's too difficult to manage.
> We also considered "one system user (not root) for all not user oriented daemons", and there is still the concern for the security.

I usually share the same statements.

> How can we assign the system user ID properly (secure and easy to manage)?
> Do you have any idea about the system user policy?
> How about "one system user per domain (system, multimedia, telephony,...)"?

IMHO that's the good way.

For tizen common, we are currently defining the user and group 'display'
for implementing multi-user wayland/weston (daemon runs as id display
and . It will be proposed soon.

> I'll be happy to hear any feedback.

Done ;)

Best regards

> Best Regards,
> Dongsun Lee

Hello, this is Senior Engineer Dongsun Lee of System S/W Lab.

Regards, Dongsun Lee

 이동선    李東宣    DongSun Lee
Senior Engineer
System S/W Lab (S/W R&D Center)
Samsung Electronics co., Ltd. 
E-mail  : ds73.lee at samsung.com     
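
Added example, not part of the original mail and not Tizen code: a small audit that checks a process listing against the proposed "one system user per domain" table. The daemon names, the daemon-to-domain inventory and the sample listing are constructed for illustration; only the domain-to-user table comes from the mail.

```python
# Domain -> system user, copied from the table in the mail.
DOMAIN_USER = {
    "System": "system", "Web Framework": "webfw", "App Framework": "appfw",
    "Base": "base", "Security": "security", "Multimedia": "multimedia",
    "Graphics & UI Framework": "graphics",
    "Networks & Connectivity": "connectivity", "Telephony": "telephony",
    "Messaging": "messaging", "Social & Content": "social",
    "Location": "location", "Platform Development": "platformdev",
    "SDK": "sdk", "Automotive": "automotive",
    "Application": None, "Test APIs": None,   # "No User Assigned"
}

# Hypothetical inventory: which domain owns which daemon (names constructed).
DAEMON_DOMAIN = {
    "example-telephonyd": "Telephony",
    "example-locationd": "Location",
    "example-mediad": "Multimedia",   # two daemons in one domain
    "example-audiod": "Multimedia",   # share that domain's user
}

# Constructed sample shaped like `ps -eo user:32,comm`; the explicit width
# keeps ps from abbreviating names longer than 8 characters.
SAMPLE_PS = """\
USER                             COMMAND
telephony                        example-telephonyd
root                             example-locationd
multimedia                       example-mediad
telephony                        example-audiod
alice                            example-editor
"""

def audit(ps_output, daemon_domain=DAEMON_DOMAIN, domain_user=DOMAIN_USER):
    """Return (daemon, actual_user, expected_user, reason) per violation."""
    findings = []
    for line in ps_output.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        user, comm = parts[0], parts[1].strip()
        if comm not in daemon_domain:
            continue                             # not an inventoried daemon
        expected = domain_user.get(daemon_domain[comm])
        if expected is None:
            findings.append((comm, user, None, "domain has no system user"))
        elif user == "root":
            findings.append((comm, user, expected, "runs as root"))
        elif user != expected:
            findings.append((comm, user, expected, "wrong domain user"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PS):
        print(*finding, sep="\t")
```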
