On mer, 2014-04-02 at 01:53 +0000, 이동선 wrote: > Hi all, > > We distributed the security policy proposal in the multi-user environment > before. > And we are developing the detailed user id policy for the not user oriented > daemon processes. > > We proposed about it as below in the earlier security policy proposal. > [User ID of Daemon Processes] > - If performing service is not user oriented, it can be launched as > special user ID > i.e) telephony, location, system > - User oriented service can be launched as logged in user ID > i.e) email, messaging, account, contacts, pims > - Decision can be made case by case > > We considered "one system user per not-user oriented daemon" before, but we > thought it's too difficult to manage. > We also considered "one system user(not root) for all not user oriented > daemons", and there is still the concern for the security.
I usually share the same statements. > How can we assign the system user id properly(Secure and Easy to manage)? > Do you have any idea about the system user policy? > > How about "one system user per domain(system, multimedia, telephony,...)"? IMHO that's the good way. For tizen common, we are currently defining the user and group 'display' for implementing multi-user wayland/weston (daemon runs as id display and . It will be proposed soon. > It'll be happy to hear any feedback. Done ;) Best regards José > > > Best Regards, > Dongsun Lee > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
