[SATLUG] Why have Linux permissions become so complicated?
bruce.dubbs at gmail.com
Tue Aug 4 11:57:23 CDT 2015
I've been looking at some permissions issues lately. It strikes me that
the Linux system has become much more complicated over the years. There
are a couple of issues.
First there is Linux-PAM. This has been around for a long time. I
often wonder why it is needed. I used to try to ignore it, but there
are just too many applications that seem to require it for that. I do
know that it can be useful in a multi-user environment using ldap for
logon credentials, but how common is that?
Second is polkit. This is something that is only useful in a graphical
environment with multiple users. What is it's purpose on a laptop? On
a server without Xorg? Again, there are many apps that seem to demand it.
Third is ConsolKit. ConsoleKit is not being actively maintained. They
now say to use systemd-logind.
To make things worse, to implement this complexity, applications like
upowerd, polkitd, console-kit-daemon, etc are run as daemons even after
a graphical session is terminated.
To me, all these permission applications are only needed in an
environment where there are multiple users on a system. In addition, if
there are multiple users, they need to be using a graphical desktop.
How many Linux systems in use fall into this category? I really don't
know but I suspect it is a low percentage.
The whole idea about ConsoleKit, PolKit, and systemd-logind seem to
revolve around the idea of 'seats' and 'sessions'. All the complication
seems to have evolved for systems that have seats > 1 or sessions > 1.
My question is: how often does this situation arise? In the early 90's,
it was common to have thin graphical clients that connected to an
expensive, relatively powerful, central system. That seems obsolete
today in the era of sub-$100 terrabyte hard drives and cheap multi-core
Is all this complication just because the upstream base distros, notably
RedHat and Debian and SuSE have a one size fits all approach to creating
distributions? Does everyone really have to have ALL the complexity
needed only by the very few?
My viewpoint may be limited. What am I missing?
More information about the SATLUG