[SATLUG] Why have Linux permissions become so complicated?

Don Davis dondavis at reglue.org
Sat Sep 12 11:50:58 CDT 2015


Resurrecting this old thread. I've recently experienced the cascading
disaster of the KDE5 upgrade in Debian testing. Debian testing used to
be relatively stable (only minor tweaking necessary). I've been using
Debian for almost 10 years and aside from a few hiccoughs in the beginning
almost nothing was unfixable -- pare down and uninstall until the right
packages could be installed. SystemD causes things to fail in
unrecoverable ways. PolicyKit is contributing to this as well.

Linux is built by many people. Aside from the relatively monolithic
kernel, the modular approach has served it well. There should not be a
plethora of interwoven components that cause core components (and
subsequent elements) to quit working.

I'm currently stuck in a very awkward loop that is going to potentially
necessitate dedicating a day to reinstalling a Kerberos master.

On 08/04/2015 03:32 PM, Mark Mayfield wrote:
> I had some issues here and there recently which tracked back to systemd.
> Things that where in the past they just wouldn't work but the system
> keeps on running, with systemd the system completely stops and does not
> function at all. Horrible way of doing things in my opinion. Apparently
> the top people in charge of the major distros think it is OK. I don't
> mind things being inter-dependent. But make it modular. Have a config
> file where you can turn the things you want on and the things you don't
> off. Allow you to uninstall what you don't want without having to remove
> the whole system.
> 
> On 08/04/2015 02:30 PM, Don Davis wrote:
>> I've been having to work more with PAM recently (for LDAP...) and
>> appreciate the modularity and configurability.
>> Aside from that- the inseparable, interwoveness has crept in making more
>> and more problems.
>>
>> Recently, I've experienced some unrecoverable (& undiagnosable to me)
>> errors with systemd. Things that wouldn't have (so trivially) broken
>> years ago - stop the system now.
>>
>>
>> Oddly enough, right before I read this message, I was asking myself if
>> Slackware was systemd-less and if I could go back to basics with it....
>> http://without-systemd.org/wiki/index.php/Main_Page
>>
>>
>>
>> On 08/04/2015 01:09 PM, steve kolars wrote:
>>> Agreed. The idea behind Unix/Linux is supposed to be simplicity. Besides
>>> the points Bruce brought out, let's step back and look at it from the
>>> security point of view (as weird as that sounds). The more complex the
>>> system the more prone it is to error. Too many daemons running equal too
>>> many points of attack, too many points to defend (it is not a one-for-one
>>> relationship).
>>>
>>> If I do not need it, I should not have to run it. This tying stuff together
>>> has crept and crept in Linux until it has become a real problem (problem is
>>> the nicest word I can think of). The best example I can think of is
>>> "systemd." ¡¡¡What a Trojan Horse!!! It has become such a "problem child"
>>> that I have gone to BSD for most work. For Linux I am really looking at
>>> going back to Slackware, where we all started.
>>>
>>> On Tue, Aug 4, 2015 at 11:57 AM, Bruce Dubbs <bruce.dubbs at gmail.com> wrote:
>>>
>>>> I've been looking at some permissions issues lately.  It strikes me that
>>>> the Linux system has become much more complicated over the years.  There
>>>> are a couple of issues.
>>>>
>>>> First there is Linux-PAM.  This has been around for a long time.  I often
>>>> wonder why it is needed.  I used to try to ignore it, but there are just
>>>> too many applications that seem to require it for that.  I do know that it
>>>> can be useful in a multi-user environment using ldap for logon credentials,
>>>> but how common is that?
>>>>
>>>> Second is polkit.  This is something that is only useful in a graphical
>>>> environment with multiple users.  What is its purpose on a laptop?  On a
>>>> server without Xorg?  Again, there are many apps that seem to demand it.
>>>>
>>>> Third is ConsoleKit. ConsoleKit is not being actively maintained.  They now
>>>> say to use systemd-logind.
>>>>
>>>> http://www.freedesktop.org/wiki/Software/ConsoleKit/
>>>>
>>>> To make things worse, to implement this complexity, applications like
>>>> upowerd, polkitd, console-kit-daemon, etc are run as daemons even after a
>>>> graphical session is terminated.
>>>>
>>>> -------
>>>>
>>>> To me, all these permission applications are only needed in an environment
>>>> where there are multiple users on a system.  In addition, if there are
>>>> multiple users, they need to be using a graphical desktop.
>>>>
>>>> How many Linux systems in use fall into this category?  I really don't
>>>> know but I suspect it is a low percentage.
>>>>
>>>> The whole idea about ConsoleKit, PolKit, and systemd-logind seems to
>>>> revolve around the idea of 'seats' and 'sessions'.  All the complication
>>>> seems to have evolved for systems that have seats > 1 or sessions > 1.
>>>>
>>>> My question is: how often does this situation arise?  In the early 90's,
>>>> it was common to have thin graphical clients that connected to an
>>>> expensive, relatively powerful, central system.  That seems obsolete today
>>>> in the era of sub-$100 terabyte hard drives and cheap multi-core
>>>> processors.
>>>>
>>>> Is all this complication just because the upstream base distros, notably
>>>> RedHat and Debian and SuSE have a one size fits all approach to creating
>>>> distributions? Does everyone really have to have ALL the complexity needed
>>>> only by the very few?
>>>>
>>>> My viewpoint may be limited.  What am I missing?
>>>>
>>>>    -- Bruce
>>>>
> 

