https://bugs.kde.org/show_bug.cgi?id=418834
Bug ID: 418834
Summary: Slave-Users
Product: kuser
Version: unspecified
Platform: Other
OS: Linux
Status: REPORTED
Severity: wishlist
Priority: NOR
Component: general
Assignee: gyu...@freemail.hu
Reporter: stephen.fey...@btinternet.com
Target Milestone: ---
Please note that prior to posting this I have searched for wishlist items but
haven't found anything which obviously relates.
SUMMARY
Think of docker but for users. A project begins and the user creates a
'slave-user' to manage and contain the project. This would be similar in a
sense to Web Browsers providing multiple profiles.
HOW WOULD I EXPECT THIS MIGHT WORK
The mechanics of it are simple. A sub-user is just another system user, only
this user has a new and novel method to log in.
Their home directory in under a path like '/home/.~<USERNAME>/<SLAVE>'
In the user's master account a link to the slave home directory would be
created like '~/<SLAVE>'
Optionally the user would be able to encrypt their own and/or the slave
user's home directories.
The slave user would be a member of the group owned by the master user with
all files and directories in the slave home will belong in that master user's
group, with the relevant group permissions.
Regular applications will be able to be started from the application menu as
a slave user by right click and choose the slave user from a sub menu of users
headed by sudo (if the master user has that privilege).
Depending upon the slave user's group access, applications which are not
normally available to the master user are available in the application menu to
be started as the slave user.
Applications started in association with a file from the slave user's home
will be started as that slave user. A similar mechanism as from the
application menu will be available to choose the master user or sudo to action
the file.
In a broader setting federated identity management systems will be able to
assign privileges or groups to these users to give them special access.
USE CASES
A photography project. You create a user to manage your photos and this user
has access to your photo editing SAAS applications. This could be for a
birthday party or a wedding.
A remote working user. Your business allows access via a VPN. The slave
user has the permissions to create and destroy the VPN tunnel. This user's
browser and relevant applications work over the tunnel, allow the master user
to continue to access the regular web and master user processes ideally won't
mix with slave user processes... thus the great balancing act of security vs
usability continues.
Your boss assigns you a project. The slave user is created as member of a
group or groups which can access specific resources apps and/or media. When
the project is finished and the user is destroyed the home directory is all
swept up in to the main project's archive.
Please let me know your thoughts or if you have any questions.
The basic purpose of this is a separation of roles within one user entity. The
most challenging part of this I imagine, is designing the ways that the user
entity interacts consistently across KDE.
--
You are receiving this mail because:
You are watching all bug changes.
