[Dev] [Multiuser] System User ID Policy for the Daemon Processes
ds73.lee at samsung.com
Tue Apr 8 11:44:30 GMT 2014
Thank you for your comments.
I added my replies inline.
>------- Original Message -------
>Sender : José Bollo<jose.bollo at open.eurogiciel.org>
>Date : 2014-04-07 21:01 (GMT+09:00)
>Title : Re: [Dev] [Multiuser] System User ID Policy for the Daemon Processes
>On Mon, 2014-04-07 at 08:13 +0000, 이동선 wrote:
>> Hi, all.
>> I am Dongsun Lee working in Tizen security part at Samsung.
>> We are studying how to minimize the root processes in Tizen 3.0.
>> To do that, one of the things we need is a system user ID policy to replace the root user.
>> So I proposed the policy "one system user per domain" (refer to the mail below).
>> Even though only one person wrote a response mail, I think people agreed with it.
>> So I went further.
>> Some domains have no daemon, so they don't need a system user.
>> And there may be two or more daemons in one domain.
>> In that case, one system user will be assigned to those daemons.
>> (If other system users are needed besides the system users of the domains,
>> they should be examined first by the security engineers before they are assigned.)
>> The following is an example of the system user assignment.
>> [Domain] - [system user name]
>> System - system
>> Web Framework - webfw
>> App Framework - appfw
>> Base - base
>> Security - security
>> Multimedia - multimedia
>> Graphics & UI Framework - graphics
>> Networks & Connectivity - connectivity
>> Telephony - telephony
>> Messaging - messaging
>> Social & Content - social
>> Location - location
>> Platform Development - platformdev
>> SDK - sdk
>> Automotive - automotive
>> Application - No User Assigned
>> Test APIs - No User Assigned
>> (For domains, I referred to "https://wiki.tizen.org/wiki/Tizen_Platform_Architecture_Overview#Tizen_Domains").
>I don't see an obvious need for 'base' and 'security', which IMHO should
>be root or system. Platform integrity, system update and security
>management are, to my eyes, really deep in the system and need many
>privileges, so putting them under some specific user isn't realistic.
For some daemons (e.g. systemd), it will be running as root.
But other daemons in the base and security domains which don't need many privileges
need to run as non-root. (In Tizen 2.2, the security-server in the security domain
runs as root, but it doesn't need many privileges.)
>Maybe for encryption and the password keyring there is a need, but it
>could be turned into 'system'.
>Is there a real need to separate 'sdk' and 'platformdev'? If not
>'platformdev' would be fine.
I checked the SDK and Platform Development domains.
For SDK, we don't need a system user.
And I think the Platform Development domain doesn't need a system user either.
>'graphics' is separated from 'multimedia', but there is no 'audio'. On my
>Linux, I can see the groups 'audio' and 'video' but no such user. Maybe
>defining only 'multimedia' is good enough.
>I also share some of the fears of Łukasz, and I have some doubts about
>the integration and the need for 'appfw' and 'webfw'. They could be in
>'system' too. But it makes sense even when the difference between them
>isn't really big.
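As an added example (not part of this thread and not Tizen project code), the following script audits a process list against the "one system user per domain" policy discussed above: every daemon should run either as its domain's system user or, only if it is on a reviewed exception list (systemd in the reply), as root. The domain-to-user table is the one proposed in the original mail; the daemon-to-domain table, the root exception list and the `ps` output are constructed sample data and are assumptions of this example, not a real Tizen inventory.

```python
# Added example (not from the thread): audit running daemons against the
# "one system user per domain" policy. The domain -> user table is the one
# proposed in the mail; the daemon -> domain table and the ps output below
# are constructed sample data, not a real Tizen inventory.
from collections import namedtuple

# Domain -> system user, as proposed in the original mail (None = no user assigned).
DOMAIN_USER = {
    "System": "system",
    "Web Framework": "webfw",
    "App Framework": "appfw",
    "Base": "base",
    "Security": "security",
    "Multimedia": "multimedia",
    "Graphics & UI Framework": "graphics",
    "Networks & Connectivity": "connectivity",
    "Telephony": "telephony",
    "Messaging": "messaging",
    "Social & Content": "social",
    "Location": "location",
    "Platform Development": "platformdev",
    "SDK": "sdk",
    "Automotive": "automotive",
    "Application": None,
    "Test APIs": None,
}

# Constructed: daemon command name -> (domain, may_run_as_root). The second
# field is the reviewed exception list the mail asks for; only systemd is on it.
DAEMON_DOMAIN = {
    "systemd": ("System", True),
    "security-server": ("Security", False),
    "pulseaudio": ("Multimedia", False),
    "connman": ("Networks & Connectivity", False),
    "launchpad": ("App Framework", False),
    "test-harness": ("Test APIs", False),
}

# Constructed sample of `ps -eo user:16,pid,comm` (the :16 width matters: plain
# `ps -eo user` truncates names longer than 8 characters such as "multimedia").
SAMPLE_PS = """\
USER             PID COMMAND
root               1 systemd
root             412 security-server
multimedia       530 pulseaudio
root             600 connman
appfw            700 launchpad
telephony        810 telephony-daemon
root             900 vendor-helper
test             950 test-harness
"""

Finding = namedtuple("Finding", "pid comm user expected reason")


def parse_ps(text):
    """Return (user, pid, comm) tuples from ps output, skipping the header."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or not parts[1].isdigit():
            continue  # header line or malformed row
        user, pid, comm = parts
        rows.append((user, int(pid), comm))
    return rows


def audit(ps_text, daemon_domain=DAEMON_DOMAIN, domain_user=DOMAIN_USER):
    """Flag every process that violates the per-domain system user policy."""
    findings = []
    for user, pid, comm in parse_ps(ps_text):
        entry = daemon_domain.get(comm)
        if entry is None:
            # Unknown processes are only interesting when they hold root.
            if user == "root":
                findings.append(Finding(pid, comm, user, None,
                                        "unclassified daemon running as root"))
            continue
        domain, root_ok = entry
        if domain not in domain_user:
            findings.append(Finding(pid, comm, user, None,
                                    "daemon mapped to a domain missing from the policy table"))
            continue
        expected = domain_user[domain]
        if user == "root":
            if not root_ok:
                findings.append(Finding(pid, comm, user, expected,
                                        "runs as root but is not on the reviewed root exception list"))
        elif expected is None:
            findings.append(Finding(pid, comm, user, None,
                                    "domain has no system user; this user needs security review"))
        elif user != expected:
            findings.append(Finding(pid, comm, user, expected,
                                    "running as a user other than the domain's system user"))
    return findings


def report(findings):
    """One line per finding, suitable for a build-time or CI gate."""
    lines = []
    for f in findings:
        want = f.expected or "(none)"
        lines.append("pid %d %s: user=%s expected=%s: %s"
                     % (f.pid, f.comm, f.user, want, f.reason))
    return lines


if __name__ == "__main__":
    for line in report(audit(SAMPLE_PS)):
        print(line)
```

Run against live output with `ps -eo user:16,pid,comm | python3 audit.py` after replacing `SAMPLE_PS` with `sys.stdin.read()`; on the constructed sample it flags security-server and connman (root without an exception), vendor-helper (unclassified root process) and test-harness (its domain has no user assigned, so the user it runs as needs review).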