:: Re: [DNG] Another multi-user issue
Forside
Slet denne besked
Besvar denne besked
Skribent: Boruch Baum
Dato:  
Til: dng
Emne: Re: [DNG] Another multi-user issue
On 04/07/2016 01:05 PM, Rainer Weikusat wrote:
> "Jack L. Frost" <fbt@???> writes:
>> On Sun, Apr 03, 2016 at 08:17:32PM -0400, Boruch Baum wrote:
>>> Please consider setting the default /etc/fstab to include:
>>>
>>> proc            /proc           proc    defaults,hidepid=2

>>>
>>> This has the effect of keeping the specific activities, process
>>> ids, command lines and parameters of a user from other users.
>>
>> I've been using hidepid=2 as a default in my toy distro and haven't
>> found a usecase where that would be a bad default. So unless there
>> are common enough usecases where users need to see others'
>> processes, I agree.
>
> Since this is an argument for changing the default behaviour, there
> ought to be some "common enough" use cases where that would be
> beneficial. Eg, why should daemon processes running on a machine used
> by a single person, say, the proverbial "clueless newbie", be
> forcibly hidden from the owner of the computer unless he happens to
> be running as root?

Nothing in Linux is done by 'force', Ranier. The sysadmin always has
choice. The issue is whether basic security issues should be opt-in or
opt-out. If the sysadmin of your example is so much a "clueless newbie",
to not know how to use root (or even sudo), then no admin task
whatsoever will be possible on the system.

> The 'common use case' where the default behaviour is useful would
> still be a system with one physical user running processes supposed
> to be various useful tasks using a variety of different user IDs. Eg,
> the web server I'm using to get files onto iOS devices runs as
> www-data, the DNS resolver as bind, the program getting my e-mails as
> fetchmail, the timekeeping daemon as ntp, the line printer daemon as
> daemon and all kernel threads runs as root. In case something "seems
> wrong", eg, the system starts to behave sluggishly, I can do a quick
> check of the status of everything without doing an uid change first.
> I can check if I started the mail downloader at all with a mere ps
> faux or pgrep fetchmail. Kernel threads using enormous amounts of CPU
> time are visible to me without running top as root. etc


Do you realize that you're basically repeating the talking points used
by Microsoft when it originally released Windows OS?

I think I'm beginning to get where you're coming from when you make your
recommendations, and that's important to know in order to respond to
you. If I do have you figured out, your issue is that you're not
thinking outside your box ("box" also in the sense of your hardware).

Linux / Unix / Solaris / etc are meant to be multi-user operating
systems. Please remember that: multi-user. In the 1980's, Microsoft
Windows decided to adopt your approach, and they have been back-pedaling
ever since. The single-user use-case is not Linux's design-goal. Those
particular Linux projects with that design goal, such as Puppy, do
address your complaint. They do so by running as root by default.

Likewise, Linux's design goal has never been to be a clone of your
personal iOS devices. Its world is a lot bigger than single-user
mobile-devices.

It might be useful to review Debian's design goal, to be "the universal
OS". Debian is meant to be used in environments that scale up past 10^4,
10^5, 10^6 + users. Their developers aren't basement hobbyists. Their
decisions are scrutinized by, and have input from, the largest of
corporations. Devuan is meant to be debian without systemd. If your
world and perspective doesn't extend past your single-user mobile
device, Debian can -also- be useful for you. It is, after all, "the
universal OS". It can be customized and tailored to your
needs. Google did so with Android; Apple based iOS on BSD. I don't
remember the others.

--
hkp://keys.gnupg.net
CA45 09B5 5351 7C11 A9D1 7286 0036 9E45 1595 8BC0