[Dev] [Multiuser] System User ID Policy for the Daemon Processes

Łukasz Stelmach l.stelmach at samsung.com
Mon Apr 7 09:26:05 GMT 2014


It was <2014-04-07 pon 10:13>, when 이동선 wrote:
> Hi, all.
> I am Dongsun Lee working in Tizen security part at Samsung.
>
> We are studying how to minimize the root processes in Tizen 3.0.
> To do that, one of what we need is the system user id policy to replace the root user.
>
> So I proposed the policy, "one system user per domain"(refer to the below mail).
> Even if only one man wrote the response mail, I think people agreed with it.
> So I went further.
>
> There is no daemon in some domains, so they don't need the system user.
> And there may be more than two daemons in one domain.
> In that case, one system user will be assigned for those daemons.
> (If other system users are needed except the system users of domains,
> it should be examined first by the security engineers before it is assigned.)
>
> Following is the example of the system user assignment.
> ---------------------------------------------
> [Domain]                - [system user name]
[...]

I am not sure if strict assumptions like one-uid-per-daemon or
one-uid-per-domain are good starting points. My Linux experience tells
me that we should take them with a grain of salt and be prepared to make
decisions on a case-by-case basis. The former policy may be too strict
and require some code to be rewritten, possibly from scratch, which may
be quite a lot of work. The latter, however, seems too slack and not
secure enough.


-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics