users, "private" groups, and The Unix Way (was, Re: Is it me or is it sudo?)

Tue Apr 3 12:31:20 UTC 2012

On Tue, 2012-04-03 at 16:10 +0900, Joel Rees wrote:
> Well, there is a reason some people don't want universal ID, for example.
> It's a lot broader topic than you may want to believe. It's similar to the
> reason your httpd and ftpd (ntpd, nfs daemon, database daemons, etc.)
> are operating as separate users, and are run by yet another daemon
> operating as yet another user.

But those /are/ separate users, to apply the user analogy to machines
rather than people.

On the other hand, when I'm browsing, typing, reading, mailing,
downloading, whatever, I am just one person.  You seem to be advocating
changing user logons from what they are, to something else.  Muddying
things up with application sandboxing.

Tim:
>> Sure, there's /some/ added security in separated accounts for different
>> activities, and some added privacy

> s/some/a lot of/
> 
> if you set it up right.

Until you have to do something that crosses over from one to the other
(such as an email that requires website confirmation), and at that point
all your quarantining gets instantly negated, past and present.

>> (just recently it's become even more
>> annoying how if you've logged into one service, you suddenly find that
>> other things you're looking at have you "logged in as a user" rather
>> than an anonymous browser).

> Not a particularly recent phenomenon.

I know it's not a new thing, but *recently* it seemed to have become
worse.  In the past, there was the outcry against Microsoft's Passport,
as the universal logon, and one login to the system, of which people
will probably remain logged into during their entire session,
fingerprints everything that they do.  Between then and now, it seemed
that most major online services were quite independent from each other
(e.g. what you did on eBay wasn't reflected on Amazon, etc.).

More recently, the same sort of thing (as Passport) happened again with
Google, YouTube, Yahoo, and probably some others becoming joined in one
way or another, behind the scenes, as they've bought into each other.
You log into one, e.g. so you can leave a comment on something in
YouTube, and suddenly you notice that you're logged into Google,
databasing every thing you do from then on, personally.

>> But there's a lot of mess in when you need
>> to be able to bridge between those different accounts (read and write to
>> the files you saved in the other account).

> Unless you have per-user groups and set the permissions right,
> in which case it becomes a small, non-repetitive matter of navigation.

Which a lot of people are probably not going to get right (no surprise
there, because you have to understand it, how to implement it, and how
not to negate your efforts).  And having commonly accessible data
through a particular user group may well be a hole in that security
model.

And we're rapidly getting into tinfoil hat territory.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.