tech-userlevel: Re: RE: Need some advice regarding portable user IDs

Subject: Re: RE: Need some advice regarding portable user IDs
To: Wilfredo Sanchez <wsanchez@apple.com>
From: Daniel O'Connor <doconnor@gsoft.com.au>
List: tech-userlevel
Date: 08/18/1999 12:55:24

This message is in MIME format
--_=XFMail.1.3.p0.FreeBSD:990818125524:5786=_
Content-Type: text/plain; charset=us-ascii

On 18-Aug-99 Wilfredo Sanchez wrote:
>    I'm trying to support a user experience similar to Mac OS using  
>  BSD underneath (for Mac OS version 10).  The goal being simplicity  
>  for the user, which I think might interest some FreeBSD users as well  
>  as my customers.

Right.. sorry, I didn't mean to sound rude :)

> | map (like NIS)?
>    And what happens accross NIS domains?

Design failure :)

I suppose you could carry a UID, GID mapping on the disks, and have mount look
out for it.. If you had a 'removable disk' flag in /etc/fstab, then have the
kernel look for those files, and use umapfs with them on the mounted FS. It
could be rather dangerous security wise though.. Maybe have an option somewhere
else (sysctl?) that tells mount wether removable disks are allowed to have
files that are executable/devices/s[ug]id on it. (ie automatically have -o
noexec,nosuid,nodevice done automatically based on user prefs)

If there where no mapping files on the disk have a default setting..

Perhaps you could 'sign' the files on the disk so that when you inserted it, it
checked the mapping files where signed by someone so you could opt to trust
certain people, and have less restrictive options for their disks.

You could even have it so it asks for your key phrase (thinking pgp/ssh terms)
when you insert the disk so you can verify the person, which would prevent
someone getting a disk trusted by you and modifying it and using it in your
machine.

Ahh, the complexities are endless :)

---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum

--_=XFMail.1.3.p0.FreeBSD:990818125524:5786=_
Content-Type: application/pgp-signature

-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia

iQCVAwUBN7onpFbYW/HEoF9pAQG3kwQAnVIyvBgWlNvuRNx2eG68HcVS9c+uh+P5
cDgFNPKAV/J7bD4tDycDiFik6GMqe0fbqQKP8FPDPXzliEeYagtFd88gQ8ihg2ms
/omt1RwoE050F0Os1xR+D7vipggNEFL2QTxitIcB+aqU06Xku9vj5A4oGnWQ5iNy
x/0pq9j65ZY=
=hHrs
-----END PGP MESSAGE-----

--_=XFMail.1.3.p0.FreeBSD:990818125524:5786=_--
End of MIME message