[SATLUG] Why have Linux permissions become so complicated?

Bruce Dubbs bruce.dubbs at gmail.com
Tue Aug 4 11:57:23 CDT 2015

I've been looking at some permissions issues lately.  It strikes me that 
the Linux system has become much more complicated over the years.  There 
are a couple of issues.

First there is Linux-PAM.  This has been around for a long time.  I 
often wonder why it is needed.  I used to try to ignore it, but there 
are just too many applications that seem to require it for that.  I do 
know that it can be useful in a multi-user environment using ldap for 
logon credentials, but how common is that?

Second is polkit.  This is something that is only useful in a graphical 
environment with multiple users.  What is it's purpose on a laptop?  On 
a server without Xorg?  Again, there are many apps that seem to demand it.

Third is ConsolKit. ConsoleKit is not being actively maintained.  They 
now say to use systemd-logind.


To make things worse, to implement this complexity, applications like 
upowerd, polkitd, console-kit-daemon, etc are run as daemons even after 
a graphical session is terminated.


To me, all these permission applications are only needed in an 
environment where there are multiple users on a system.  In addition, if 
there are multiple users, they need to be using a graphical desktop.

How many Linux systems in use fall into this category?  I really don't 
know but I suspect it is a low percentage.

The whole idea about ConsoleKit, PolKit, and systemd-logind seem to 
revolve around the idea of 'seats' and 'sessions'.  All the complication 
seems to have evolved for systems that have seats > 1 or sessions > 1.

My question is: how often does this situation arise?  In the early 90's, 
it was common to have thin graphical clients that connected to an 
expensive, relatively powerful, central system.  That seems obsolete 
today in the era of sub-$100 terrabyte hard drives and cheap multi-core 

Is all this complication just because the upstream base distros, notably 
RedHat and Debian and SuSE have a one size fits all approach to creating 
distributions? Does everyone really have to have ALL the complexity 
needed only by the very few?

My viewpoint may be limited.  What am I missing?

   -- Bruce

More information about the SATLUG mailing list