On Tue, Apr 3, 2012 at 9:31 PM, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote: > On Tue, 2012-04-03 at 16:10 +0900, Joel Rees wrote: >> Well, there is a reason some people don't want universal ID, for example. >> It's a lot broader topic than you may want to believe. It's similar to the >> reason your httpd and ftpd (ntpd, nfs daemon, database daemons, etc.) >> are operating as separate users, and are run by yet another daemon >> operating as yet another user. > > But those /are/ separate users, to apply the user analogy to machines > rather than people. On my personal machines, they are me, doing separate tasks. If I insist on looking at everything I do on the computer as me. Of course, I suppose you could say that the httpd is the author of the daemon doing stuff on your computer that you asked him to, in which case, the httpd is clearly not the user-id he would log in to on your machine if he had some reason to do so. There are different ways of looking at things, and, yes, I'm advocating a point of view you aren't used to or don't like or something. > On the other hand, when I'm browsing, typing, reading, mailing, > downloading, whatever, I am just one person. Maybe, maybe not. But did I say I would use a different user-id for each application? If so, I misspoke. (I don't think I said that, however.) I know that when I go to Amazon, for instance, I usually do not want them to know who I am. Thus, when I'm browsing Amazon's web pages, I probably will use a different subuser than when I am writing e-mail on the list here (using Google Mail's web interface). > You seem to be advocating > changing user logons from what they are, to something else. Muddying > things up with application sandboxing. I'm advocating returning them back to what they were in early Unix, IDs under which to run a set of related tasks. Sometimes those related tasks happened to have an approximate one-to-one correspondence to physical humans. Definitely not always, except on systems that had BOFH admins. (Those admins were seriously lacking in understanding of the systems they were supposed to be administrating, thus the tendency to refer to them as BOsFH.) But the term "user-id" came, not from the human user, but from a bit of jargon in which user tasks were anything not system, and, in Unix, the concept was that the system was another user task, thus the root user. > Tim: >>> Sure, there's /some/ added security in separated accounts for different >>> activities, and some added privacy > >> s/some/a lot of/ >> >> if you set it up right. > > Until you have to do something that crosses over from one to the other > (such as an email that requires website confirmation), and at that point > all your quarantining gets instantly negated, past and present. I've done exactly that, numerous times. I prefer the reply method over the web browser URL method, but when the former is not offered, I just copy the URL into the clipboard and paste it into the browser running as a subuser. Yeah, I am aware that the fact of the shared paste buffer is evidence that the wall is porous. But if a web site downloads something into the subuser's browser, it goes into the subuser's download folder or cookies or whatever. Oh, I forget, flash is a pig. Doesn't run in the subuser. So I don't go to sites that require flash in my work user. Yeah, when I shift to that mode, I log out of the work user and log in to my play user. That is no fun, because I can't listen to Heart or APP on youtube while I'm logged in as my work user. But, really, if I want to listen to music while I work, I don't have to be listening off of youtube. There are other ways. >>> (just recently it's become even more >>> annoying how if you've logged into one service, you suddenly find that >>> other things you're looking at have you "logged in as a user" rather >>> than an anonymous browser). > >> Not a particularly recent phenomenon. > > I know it's not a new thing, but *recently* it seemed to have become > worse. In the past, there was the outcry against Microsoft's Passport, > as the universal logon, and one login to the system, of which people > will probably remain logged into during their entire session, > fingerprints everything that they do. Between then and now, it seemed > that most major online services were quite independent from each other > (e.g. what you did on eBay wasn't reflected on Amazon, etc.). > > More recently, the same sort of thing (as Passport) happened again with > Google, YouTube, Yahoo, and probably some others becoming joined in one > way or another, behind the scenes, as they've bought into each other. > You log into one, e.g. so you can leave a comment on something in > YouTube, and suddenly you notice that you're logged into Google, > databasing every thing you do from then on, personally. Well, Blogspot and youtube are Google, so it's not unreasonable for those logins to be shared. You can turn the sharing off, IIRC. Between Google and Yahoo, you have to tell both that you want to share logins. At least, that's the way it was last time I looked. Cookies, well, yeah, Google's most recent privacy policy kind of bites. That's another reason I like to separate the users I work under. I'm logged in now, of course, but I can use google with my surfing subuser, and Google doesn't see it's me. >>> But there's a lot of mess in when you need >>> to be able to bridge between those different accounts (read and write to >>> the files you saved in the other account). > >> Unless you have per-user groups and set the permissions right, >> in which case it becomes a small, non-repetitive matter of navigation. > > Which a lot of people are probably not going to get right (no surprise > there, because you have to understand it, how to implement it, and how > not to negate your efforts). And having commonly accessible data > through a particular user group may well be a hole in that security > model. And that is one of the reasons I'm wasting time trying to tell other people how to do this, here, on this list. When I get some time, I need to make some scripts to set the subusers up, and share the scripts. > And we're rapidly getting into tinfoil hat territory. A certain amount of paranoia is healthy. -- Joel Rees -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
