[SATLUG] Why have Linux permissions become so complicated?
threeway at gmail.com
Tue Aug 4 12:24:47 CDT 2015
On Tue, Aug 4, 2015 at 9:57 AM, Bruce Dubbs <bruce.dubbs at gmail.com> wrote:
> I've been looking at some permissions issues lately. It strikes me that
> the Linux system has become much more complicated over the years. There
> are a couple of issues.
> First there is Linux-PAM. This has been around for a long time. I often
> wonder why it is needed. I used to try to ignore it, but there are just
> too many applications that seem to require it for that. I do know that it
> can be useful in a multi-user environment using ldap for logon credentials,
> but how common is that?
> Second is polkit. This is something that is only useful in a graphical
> environment with multiple users. What is it's purpose on a laptop? On a
> server without Xorg? Again, there are many apps that seem to demand it.
> Third is ConsolKit. ConsoleKit is not being actively maintained. They now
> say to use systemd-logind.
> To make things worse, to implement this complexity, applications like
> upowerd, polkitd, console-kit-daemon, etc are run as daemons even after a
> graphical session is terminated.
> To me, all these permission applications are only needed in an environment
> where there are multiple users on a system. In addition, if there are
> multiple users, they need to be using a graphical desktop.
> How many Linux systems in use fall into this category? I really don't
> know but I suspect it is a low percentage.
> The whole idea about ConsoleKit, PolKit, and systemd-logind seem to
> revolve around the idea of 'seats' and 'sessions'. All the complication
> seems to have evolved for systems that have seats > 1 or sessions > 1.
> My question is: how often does this situation arise? In the early 90's,
> it was common to have thin graphical clients that connected to an
> expensive, relatively powerful, central system. That seems obsolete today
> in the era of sub-$100 terrabyte hard drives and cheap multi-core
> Is all this complication just because the upstream base distros, notably
> RedHat and Debian and SuSE have a one size fits all approach to creating
> distributions? Does everyone really have to have ALL the complexity needed
> only by the very few?
> My viewpoint may be limited. What am I missing?
> -- Bruce
You're spot on. It's the one-size-fits-all approach. It's far easier to
maintain. Most people prefer the convenience and don't know better.
More information about the SATLUG