[Dev] [Multiuser] System User ID Policy for the Daemon Processes

José Bollo jose.bollo at open.eurogiciel.org
Mon Apr 7 12:01:47 GMT 2014


On lun, 2014-04-07 at 08:13 +0000, 이동선 wrote:
> Hi, all.
> I am Dongsun Lee working in Tizen security part at Samsung.
> 
> We are studing how to minimize the root processes in Tizen 3.0.
> To do that, one of what we need is the system user id policy to replace the root user.
> 
> So I proposed the policy, "one system user per domain"(refer to the below mail).
> Even if only one man wrote the response mail, I think people agreed with it.
> So I went further.
> 
> There is no daemon in some domains, so they don't need the system user.
> And there may be more than two daemon in one domain. 
> In that case, one system user will be assigned for those daemons.
> (If other system users are needed except the system users of domains,
> it should be examined first by the security engineers before it is assigned.)
> 
> Following is the example of the system user assignement.
> ---------------------------------------------
> [Domain]                - [system user name]
> System                  - system
> Web Framework           - webfw
> App Framework           - appfw
> Base                    - base
> Security                - security
> Multimedia              - multimedia
> Graphics & UI Framework - graphics
> Networks & Connectivity - connectivity
> Telephony               - telephony
> Messaging               - messaging
> Social & Content        - social
> Location                - location
> Platform Development    - platformdev
> SDK                     - sdk
> Automotive              - automotive
> Application             - No User Assigned
> Test APIs               - No User Assigned
> (For domains, I referred to "https://wiki.tizen.org/wiki/Tizen_Platform_Architecture_Overview#Tizen_Domains").

Hi 동선,

Some notes.

I don't see an obvious need for 'base' and 'security' that IMHO should
be root or system. The platform integrity, system update and security
management are to my eyes really deep in the system and should have many
privileges then putting it in some specific user isn't realistic.

Maybe that for encryption and password keyring, there is a need but it
could be turn into 'system'.

Is there a real need to separate 'sdk' and 'platformdev'? If not
'platformdev' would be fine.

'graphics' is separated from 'multimedia' but there is no 'audio'. On my
linux, I can see the groups 'audio' and 'video' but no such user. Maybe
defining only 'multimedia' is good enough.

I also share some of the fears of Łukasz and I have some doubts about
the integration and the need of 'appfw' and 'webfw'. It could be into
system too. But it makes sense even when the difference between them
isn't really big.

Best regards
José




More information about the Dev mailing list