[SATLUG] Why have Linux permissions become so complicated?

Mark Mayfield mayfield_mark at gvtc.com
Tue Aug 4 15:32:32 CDT 2015


I had some issues here and there recently which tracked back to systemd. 
Things that where in the past they just wouldn't work but the system 
keeps on running, with systemd the system completely stops and does not 
function at all. Horrible way of doing things in my opinion. Apparently 
the top people in charge of the major distro's think it is OK. I don't 
mind things being inter-dependent. But make it modular. Have a config 
file where you can turn the things you want on and the things you don't 
off. Allow you to uninstall what you don't want without having to remove 
the whole system.

On 08/04/2015 02:30 PM, Don Davis wrote:
> I've been having to work more with PAM recently (for LDAP...) and
> appreciate the modularity and configurability.
> Aside of that- the inseparable, interwoveness has crept in making more
> and more problems.
>
> Recently, I've experienced some unrecoverable (&undiagnosable to me)
> errors with systemd. Things that wouldn't have (so trivially) broke
> years ago - stop the system now.
>
>
> Oddly enough, right before I read this message, I was asking myself if
> Slackware was systemd less and if I could go back to basics with it....
> http://without-systemd.org/wiki/index.php/Main_Page
>
>
>
> On 08/04/2015 01:09 PM, steve kolars wrote:
>> Agreed. The idea behind Unix/Linux is supposed to be simplicity. Besides
>> the points Bruce brought out, lets step back and look at it from the
>> security point of view (as weird as that sounds). The more complex the
>> system the more prone it is to error. Too many daemons running equal too
>> many points of attack, too many points to defend (it is not a one-for-one
>> relationship).
>>
>> If I do not need it, I should not have to run it. This tying stuff together
>> has crept and crept in Linux until it has become a real problem (problem is
>> the nicest word I can think of). The best example I can think of is
>> "systemd." ¡¡¡What a Trojan Horse!!! It has become such a "problem child"
>> that I have gone to BSD for most work. For Linux I am really looking at
>> going back to Slackware, where we all started.
>>
>> On Tue, Aug 4, 2015 at 11:57 AM, Bruce Dubbs <bruce.dubbs at gmail.com> wrote:
>>
>>> I've been looking at some permissions issues lately.  It strikes me that
>>> the Linux system has become much more complicated over the years.  There
>>> are a couple of issues.
>>>
>>> First there is Linux-PAM.  This has been around for a long time.  I often
>>> wonder why it is needed.  I used to try to ignore it, but there are just
>>> too many applications that seem to require it for that.  I do know that it
>>> can be useful in a multi-user environment using ldap for logon credentials,
>>> but how common is that?
>>>
>>> Second is polkit.  This is something that is only useful in a graphical
>>> environment with multiple users.  What is it's purpose on a laptop?  On a
>>> server without Xorg?  Again, there are many apps that seem to demand it.
>>>
>>> Third is ConsolKit. ConsoleKit is not being actively maintained.  They now
>>> say to use systemd-logind.
>>>
>>> http://www.freedesktop.org/wiki/Software/ConsoleKit/
>>>
>>> To make things worse, to implement this complexity, applications like
>>> upowerd, polkitd, console-kit-daemon, etc are run as daemons even after a
>>> graphical session is terminated.
>>>
>>> -------
>>>
>>> To me, all these permission applications are only needed in an environment
>>> where there are multiple users on a system.  In addition, if there are
>>> multiple users, they need to be using a graphical desktop.
>>>
>>> How many Linux systems in use fall into this category?  I really don't
>>> know but I suspect it is a low percentage.
>>>
>>> The whole idea about ConsoleKit, PolKit, and systemd-logind seem to
>>> revolve around the idea of 'seats' and 'sessions'.  All the complication
>>> seems to have evolved for systems that have seats > 1 or sessions > 1.
>>>
>>> My question is: how often does this situation arise?  In the early 90's,
>>> it was common to have thin graphical clients that connected to an
>>> expensive, relatively powerful, central system.  That seems obsolete today
>>> in the era of sub-$100 terrabyte hard drives and cheap multi-core
>>> processors.
>>>
>>> Is all this complication just because the upstream base distros, notably
>>> RedHat and Debian and SuSE have a one size fits all approach to creating
>>> distributions? Does everyone really have to have ALL the complexity needed
>>> only by the very few?
>>>
>>> My viewpoint may be limited.  What am I missing?
>>>
>>>    -- Bruce
>>>
>>> --
>>> _______________________________________________
>>> SATLUG mailing list
>>> SATLUG at satlug.org
>>> http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
>>> Powered by Rackspace (www.rackspace.com)
>>>



More information about the SATLUG mailing list