[Dev] [Tizen:Common] 'app' user removal

José Bollo jose.bollo at open.eurogiciel.org
Wed Oct 8 08:45:49 GMT 2014


On mer, 2014-10-08 at 10:09 +0200, Lukasz Wojciechowski wrote:
> W dniu 2014-10-08 09:19, José Bollo pisze:
> > On mer, 2014-10-08 at 07:02 +0200, Lukasz Wojciechowski wrote:
> >> If Rafal's proposal of usage of security-manager (Gumd and
> >> security-manager integration) will be done, then the security-manager
> >> MUST be used to create users both in runtime and during image creation.
> >> If during image creation gumd is not present security-manager can make
> >> use of useradd.
> >>
> >> Best regards
> >> Lukasz
> > Hi,
> >
> > It is just starting to be more and more complicated!
> >
> > How can we write spec files to access the correct user manager? It will
> > depend on the stage of installation of the rpm during image creation.
> >
> > IMHO there are two options:
> > - just calling 'useradd', assuming that it will switch to the current
> > behaviour;
> > - provide a security-manager-user/group/add/del and change all spec
> > files to use it.
> >
> > Because the former is "agnostic", it is my preferred.
> >
> > Best regards
> > José Bollo
> >
> >
> ... but the first one won't set any privileges for user in cynara. Only 
> security-manager can do that.

I wasn't clear enough: useradd would be a kind of link that either is
pointing to the original useradd from pwdutils or to an other
implementation like gumd or security-manager.

With a such link, calling "useradd" would "transparently" calls the
effective implementation.

This would be "agnostic" because the client doesn't care of the
implementation. Conversely, if you care of the implementation, you call
the right program.

Just an idea. It has pros and cons.

> Security-manager will have "offliine" command tool. Probably it will be 
> good to speed up design of it, so i t can be used ASAP.
> 
> best regards
> Lukasz
> _______________________________________________
> Dev mailing list
> Dev at lists.tizen.org
> https://lists.tizen.org/listinfo/dev




More information about the Dev mailing list