[Dev] [Multiuser] System User ID Policy for the Daemon Processes

이동선 ds73.lee at samsung.com
Tue Apr 8 11:44:30 GMT 2014


Hi, Jose.

Thank you for your comments.
I added my reply in line.

Best Regards,
Dongsun Lee.

>
>------- Original Message -------
>Sender : José Bollo<jose.bollo at open.eurogiciel.org>
>Date : 2014-04-07 21:01 (GMT+09:00)
>Title : Re: [Dev] [Multiuser] System User ID Policy for the Daemon Processes
>
>On lun, 2014-04-07 at 08:13 +0000, 이동선 wrote:
>> Hi, all.
>> I am Dongsun Lee working in Tizen security part at Samsung.
>> 
>> We are studying how to minimize the root processes in Tizen 3.0.
>> To do that, one of what we need is the system user id policy to replace the root user.
>> 
>> So I proposed the policy, "one system user per domain"(refer to the below mail).
>> Even if only one man wrote the response mail, I think people agreed with it.
>> So I went further.
>> 
>> There is no daemon in some domains, so they don't need the system user.
>> And there may be more than two daemons in one domain. 
>> In that case, one system user will be assigned for those daemons.
>> (If other system users are needed except the system users of domains,
>> it should be examined first by the security engineers before it is assigned.)
>> 
>> Following is an example of the system user assignment.
>> ---------------------------------------------
>> [Domain]                - [system user name]
>> System                  - system
>> Web Framework           - webfw
>> App Framework           - appfw
>> Base                    - base
>> Security                - security
>> Multimedia              - multimedia
>> Graphics & UI Framework - graphics
>> Networks & Connectivity - connectivity
>> Telephony               - telephony
>> Messaging               - messaging
>> Social & Content        - social
>> Location                - location
>> Platform Development    - platformdev
>> SDK                     - sdk
>> Automotive              - automotive
>> Application             - No User Assigned
>> Test APIs               - No User Assigned
>> (For domains, I referred to "https://wiki.tizen.org/wiki/Tizen_Platform_Architecture_Overview#Tizen_Domains").
>
>Hi 동선,
>
>Some notes.
>
>I don't see an obvious need for 'base' and 'security' that IMHO should
>be root or system. The platform integrity, system update and security
>management are to my eyes really deep in the system and should have many
>privileges, so putting them in some specific user isn't realistic.

For some daemons (e.g. systemd), it will be running as root.
But other daemons in the base and security domains which don't need many privileges
need to be running as non-root. (In Tizen 2.2, the security-server in the security domain
is running as root. But it doesn't need many privileges.)


>Maybe that for encryption and password keyring, there is a need but it
>could be turned into 'system'.
>
>Is there a real need to separate 'sdk' and 'platformdev'? If not
>'platformdev' would be fine.
>
I checked the SDK and Platform Development domain.
For SDK, we don't need a system user.
And Platform Development domain doesn't need the system user either, I think.

>'graphics' is separated from 'multimedia' but there is no 'audio'. On my
>linux, I can see the groups 'audio' and 'video' but no such user. Maybe
>defining only 'multimedia' is good enough.
>
>I also share some of the fears of Łukasz and I have some doubts about
>the integration and the need of 'appfw' and 'webfw'. It could be into
>system too. But it makes sense even when the difference between them
>isn't really big.
>
>Best regards
>Jose

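Worked example, added to this archive page and not part of either mail: a small POSIX shell script that turns the "one system user per domain" proposal into two checks an integrator could run. The domain list is the table from the first mail minus SDK and Platform Development (which the reply says need no user); the sample ps output, the daemon names in it, and the allowlist of daemons that legitimately stay root (only systemd is named in the thread) are constructed assumptions, not Tizen's actual process list or policy.

```shell
#!/bin/sh
# Added example (not from the thread): audit root daemons against an
# allowlist and emit the useradd commands for per-domain system users.

# Domain -> system user mapping as proposed, with 'sdk' and 'platformdev'
# dropped because the reply says those domains need no system user.
DOMAIN_USERS='system webfw appfw base security multimedia graphics connectivity telephony messaging social location automotive'

# Daemons that may keep running as root. The thread names only systemd;
# anything else here would be an integrator's decision (assumption).
ROOT_ALLOWLIST='systemd'

# Constructed sample of `ps -eo user:16,comm --no-headers` output.
# The daemon names are illustrative, not a real Tizen process table.
SAMPLE_PS='root             systemd
root             security-server
security         key-manager
multimedia       pulseaudio
root             telephony-daemon
connectivity     connman'

# Print the daemons running as root that are not on the allowlist, one per
# line. Usage: root_daemons_not_allowed "$ps_output" "$allowlist"
root_daemons_not_allowed() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "root" && !($2 in ok) { print $2 }'
}

# Count the violations so an image-build step can fail when a new root
# daemon appears. Prints 0 when the list is clean.
count_root_violations() {
    root_daemons_not_allowed "$1" "$2" | awk 'END { print NR }'
}

# Emit the useradd command that would create each domain user as a locked,
# non-login system account. Commands are printed, not executed, so the
# output can be reviewed before it is applied to an image.
system_user_commands() {
    for u in $1; do
        printf 'useradd --system --shell /sbin/nologin --home-dir / --no-create-home %s\n' "$u"
    done
}

# Stand-alone run: report on the constructed sample, then show the commands.
echo "Root daemons not on the allowlist:"
root_daemons_not_allowed "$SAMPLE_PS" "$ROOT_ALLOWLIST"
echo "Violations: $(count_root_violations "$SAMPLE_PS" "$ROOT_ALLOWLIST")"
echo "System user creation commands:"
system_user_commands "$DOMAIN_USERS"
```

On a real device the sample would be replaced by `ps -eo user:16,comm --no-headers`, and the allowlist kept deliberately short: every daemon on it is a daemon the security review has accepted as needing root, which is exactly the examination the first mail asks for before any extra user or privilege is granted.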
