[SATLUG] Why have Linux permissions become so complicated?

Steev Klimaszewski threeway at gmail.com
Tue Aug 4 12:24:47 CDT 2015


On Tue, Aug 4, 2015 at 9:57 AM, Bruce Dubbs <bruce.dubbs at gmail.com> wrote:

> I've been looking at some permissions issues lately.  It strikes me that
> the Linux system has become much more complicated over the years.  There
> are a couple of issues.
>
> First there is Linux-PAM.  This has been around for a long time.  I often
> wonder why it is needed.  I used to try to ignore it, but there are just
> too many applications that seem to require it for that.  I do know that it
> can be useful in a multi-user environment using ldap for logon credentials,
> but how common is that?
>
> Second is polkit.  This is something that is only useful in a graphical
> environment with multiple users.  What is it's purpose on a laptop?  On a
> server without Xorg?  Again, there are many apps that seem to demand it.
>
> Third is ConsolKit. ConsoleKit is not being actively maintained.  They now
> say to use systemd-logind.
>
> http://www.freedesktop.org/wiki/Software/ConsoleKit/
>
> To make things worse, to implement this complexity, applications like
> upowerd, polkitd, console-kit-daemon, etc are run as daemons even after a
> graphical session is terminated.
>
> -------
>
> To me, all these permission applications are only needed in an environment
> where there are multiple users on a system.  In addition, if there are
> multiple users, they need to be using a graphical desktop.
>
> How many Linux systems in use fall into this category?  I really don't
> know but I suspect it is a low percentage.
>
> The whole idea about ConsoleKit, PolKit, and systemd-logind seem to
> revolve around the idea of 'seats' and 'sessions'.  All the complication
> seems to have evolved for systems that have seats > 1 or sessions > 1.
>
> My question is: how often does this situation arise?  In the early 90's,
> it was common to have thin graphical clients that connected to an
> expensive, relatively powerful, central system.  That seems obsolete today
> in the era of sub-$100 terrabyte hard drives and cheap multi-core
> processors.
>
> Is all this complication just because the upstream base distros, notably
> RedHat and Debian and SuSE have a one size fits all approach to creating
> distributions? Does everyone really have to have ALL the complexity needed
> only by the very few?
>
> My viewpoint may be limited.  What am I missing?
>
>   -- Bruce
>
> --


You're spot on.  It's the one-size-fits-all approach.  It's far easier to
maintain.  Most people prefer the convenience and don't know better.


More information about the SATLUG mailing list