Re: [PATCH] Single user linux
Not to mention fold up keyboard, IBM microdrive, etc. So you can run the ARM Debian distro either via NFS (with the problems that entails), or even locally on a microdrive (or I suppose you could also play with an IDE or SCSI controller if you were really insane). On the kernel software side, we also have IPV6/mobile IP running. We're using Dave Woodhouse's JFFS2 with compression for our file system (Compressed journalling flash file system) on flash. In terms of apps, various PIM stuff, though needs lots of work, other goodies like GPS applications, etc. Mozilla in previous versions has been known to work. Tons of games, doom, etc. MP3 players (at least 3). Gnome core libraries. Python, Java 2 standard edition, swing, all running etc. Lots of work/fun left to do, of course, in all areas. Shall we just say we're having lots and lots and lots of fun :-). These are real computers. Lots of dust in the air: lots should have settled by June. In particular, look at the Familiar work. See www.handhelds.org. I apologize about the state of our web site: I've done much of the maintenance in the past, but I've been out for some surgery and life has been insane ever since. Most of the interesting stuff is in the Wiki. And iPAQ's are not as unobtanium as they once were: we're in really high volume production (>100K/month) but demand still outstrips supply (sigh...). Come join the party... - Jim Gettys > Sender: [EMAIL PROTECTED] > From: Disconnect <[EMAIL PROTECTED]> > Date: Wed, 25 Apr 2001 10:17:55 -0400 > To: Ronald Bultje <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: [PATCH] Single user linux > - > On Wed, 25 Apr 2001, Ronald Bultje did have cause to say: > > > Who says it needs to compile? Who says it needs software installed? Who > > says it needs to run the software itself? > > My current project (and I'm just waiting for nfs and wvlan_cs to stabalize > on ARM before putting the final touches on it) is an ipaq nfsrooted to a > Debian image, over the wireless lan. Works like a champ, and it -does- > compile stuff reasonably fast (well, reasonably fast considering the data > is all on the far side of 11M/sec wireless.) My kit is mostly portable as > well, since the nfs server is on the libretto and runs just fine in my > backpack ;) > > The next step is bludgeoning debian-arm into not running 50-100 little > servers I don't need on my PIM. But that may be the function of a > task-nfs-ipaq package or some such. > > So far -multiuser- linux on PIMs ("true" linux, with X, etc, as distinct > from pocketlinux/qpe/etc, which are a different animal in this case) is > almost there. Web browsers are coming along nicely (and remote-X netscape > is usable, although barely) and there are several nice imap clients. (and > input methods ranging from a handwriting system to a little onscreen > keyboard, if you are in a situation where an external keyboard is not > feasable.) > > --- -- Jim Gettys Technology and Corporate Development Compaq Computer Corporation [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [OT] linux on pda was Re: [PATCH] Single user linux
On Fri, Apr 27, 2001 at 07:42:25AM -0500, Collectively Unconscious wrote: > Also it seems to me last I checked PDA's were at least equvalent to the > 386 which is ostensibly the bottom linux rung. Check out the Compaq iPaq 3600 series. > As for the objection about slow compile times, get real. No PDA is going > to compile anything. All compilations happen on your desktop with a > crosscompiler. PDA's are for running handy little apps, not development > work. Ehm, I know that people actually use their iPaq to compile things natively. Plug in an IBM microdrive, add a foldable keyboard and you get a complete Unix workstation in pocket format. For more information, see http://www.handhelds.org/ . Erik [who also natively compiles kernels on a platform comparable to the iPaq -- see http://www.lart.tudelft.nl/ ] -- J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department of Electrical Engineering, Faculty of Information Technology and Systems, Delft University of Technology, PO BOX 5031, 2600 GA Delft, The Netherlands Phone: +31-15-2783635 Fax: +31-15-2781843 Email: [EMAIL PROTECTED] WWW: http://www-ict.its.tudelft.nl/~erik/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, Apr 26, 2001 at 09:41:13PM +0200, Pavel Machek wrote: > > When I first started I compiled my linux kernels on a 386 dx with 8 mb ram > > heh. I think a lot of the current PDAs are faster. > > My pocket computer is 40MHz mips r3902, likely faster than your > 386dx. That's 3 years old. Anything you can buy today is at least > twice as fast. [hell, I saw 8MB ram 2MB flash 80MHz mips machine in > size of palm for $100 (vtech helio) -- I'll tell you where to buy it > when you ask.] The Compaq iPaq uses an Intel StrongARM SA1110 CPU running at 190MHz. Integer performance for a 221MHz SA1110 is comparable with a Pentium 180 (on the average), so I guess that the iPaq performance is compatable with a P166. Erik -- J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department of Electrical Engineering, Faculty of Information Technology and Systems, Delft University of Technology, PO BOX 5031, 2600 GA Delft, The Netherlands Phone: +31-15-2783635 Fax: +31-15-2781843 Email: [EMAIL PROTECTED] WWW: http://www-ict.its.tudelft.nl/~erik/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: agenda & vtech helio [was Re: [PATCH] Single user linux]
Pavel Machek <[EMAIL PROTECTED]> sez: > available for download? [Besides, anyone knows of vtech helio emulator > for linux? Only version I saw was windows...] http://www.kernelconcepts.de/helio/helio-emulator-1.0.6b.tar.gz Works slowly, but okay. Your X server must be set to 15 or 16bpp. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Hi! > > OK. "time make bzImage". Of course, mine's really slow (and I will consider > > myself publically humiliated if my only Linux machine is beaten on a kernel > > compile by an iPAQ). I 'spose, if it only goes into suspend, the ability to > > write "uptime" on it constitutes a walking penis extension after a while? > > When I first started I compiled my linux kernels on a 386 dx with 8 mb ram > heh. I think a lot of the current PDAs are faster. My pocket computer is 40MHz mips r3902, likely faster than your 386dx. That's 3 years old. Anything you can buy today is at least twice as fast. [hell, I saw 8MB ram 2MB flash 80MHz mips machine in size of palm for $100 (vtech helio) -- I'll tell you where to buy it when you ask.] Pavel -- I'm [EMAIL PROTECTED] "In my country we have almost anarchy and I don't care." Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Hi! > > > What real value does it have, apart from the geek "look at me, I'm using > > > bash" value? > > > > I don't really want to get into it at the moment, but imagine hacking > > netfilter without lugging a laptop around. PDA's are sleek and cool, > > and using UNIX on them lets you write shell scripts to sort your > > addresses and stuff like that. Basically it's everything that's cool > > about Unix as a workstation OS scaled down to PDA-size. > > True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a > tab! not space! you just broke my makefiles! aargh!), and compiling So you telnet to your PDA from some real machine. And you don't need to write C code in order for unix environment to be usable. 50% of unix users I know use it for pine/mutt emacs/vi talk/irc/mud kind of stuff. > Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. > Hrmz. How many hours? I'd say less than minute. In todays PDAs, 80MHz mips cpu is *slow*. Pavel -- I'm [EMAIL PROTECTED] "In my country we have almost anarchy and I don't care." Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
agenda & vtech helio [was Re: [PATCH] Single user linux]
Hi! > >>> And UNIX on a phone is pure overkill. > >> > >>Quit being a naysayer. UNIX on a PDA is a wet dream. > > > >http://www.agendacomputing.com/ (not that the reviews have been very kind) > > Nor has an official product been released. Reviewing hardware > and software in open development model before it is officially > stamped "final release" is unfair to say the least. I follow the > agenda list and it is a nice piece of hardware and the software Is there agenda emulator, somewhere? Is there their root filesystem available for download? [Besides, anyone knows of vtech helio emulator for linux? Only version I saw was windows...] I'm running linux on philips velo, which is similar to agenda, and I guess I could use some of their stuff. (Anybody knows about support of audio on r39xx companion chip? Or about voltmeters support?) Pavel -- I'm [EMAIL PROTECTED] "In my country we have almost anarchy and I don't care." Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, Apr 26, 2001 at 09:35:45PM +0200, Pavel Machek wrote: > Hi! Hola. > > > read the news! i'm programming nokia 9210 with c++, is that > > > computer enough? > > > > Aah. I see. Where was this? I never saw it. > > 9210 has qwerty keyboard. He said "read the news". I've seen the 9110 and 9210's, I was asking where this news was. > > > i bet if you programmed one, you'd wish you have posix > > > interface. > > > > That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be > > absolutely *rock solid*. Look at the 5110, that's just about perfect. The > > 7110, on the other hand ... > > And point is? The point is that you need a known good, absolutely rock-solid OS to do it, and IMHO, you really need a customised job, not something like Linux, which is a monolith in comparison. > > > and how's stability, speed, etc. they read. is there a linux > > > advocate around here? > > > > There are Linux advocates, but I'd say most of us are sane enough to use the > > right-tool-for-the-job approach. And UNIX on a phone is pure > > overkill. > > Is it? Let's see. > > You want your mobile phone to read mail. That's SMTP. Oh, and SMTP > needs to run over something. That's TCP/IP over PPP or SLIP. Oh and > you want web access. Add HTTP to the list. In the mobile world, that is *all* WAP. > [above is reasonable even for "normal" mobile phone; those below > require keyboard] > > You'd like to ssh from your mobile phone. Add ssh. You'd like to ssh > *to* your mobile phone, because it keyboard sucks. That sshd. You'd > like to be able to let others to play games on your mobile phone, oh > that means multiuser mode. I'd *like* to, sure, but this is impractical because the mobile links suck so hard. Dunno about you, but it takes a few seconds to pull in a <1k page. Ugh. SSH? Games, sure, I point my phone at a 7110 or 6210 and I can play 2-player Snake 2 :) > You see? Linux has much stuff you'll need. True, but you have to be wary of overkill, like I said. > > Your sister won't notice much advantage. Linux on a workstation actually has > > *disadvantages* (unfamiliar interface, unintuitive same, etc), as opposed to > > 'Doze on a workstation. Sure it's more stable, and the tiniest bit faster, > > but what's that really matter to your sister, if she can't even figure out > > how to use it? > > My brother is 10 and he uses suse7.2 installation just fine. He likes > it more than windoze 2000 (I deleted) because there are more games in > kde than in windows. [I'd prefer gnome.] I've used RedHat since I was about 11, Debian since 13. It's not that hard, if you can just get used to it. But you're playing with yourself if you think that KDE has more games than Win2k ... Black & White? All the Star Wars games? etc ... I know a lot of them are being ported to Linux, most via Loki, but still ... (I use GNOME, and the panel giving me Bus errors is starting to annoy me). > > -d, who owns a 7110 and can lock it solid, or get it to do funny resetting > > tricks, at least once every 2 days > > Hmm, maybe your 7110 needs memory protection so that runaway calendar > can not hurt basic functions? ;-). Oh, I think it's just to do with changing state, seeing as most of the lockups I get are when I hit keys really, really quickly in sequence, and one lands just as the screen's blank, and it's changing state (snake 2 can also kill it). -- Daniel Stone [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Hi! > > > Since when, did mobile phones == computers? > > > > read the news! i'm programming nokia 9210 with c++, is that > > computer enough? > > Aah. I see. Where was this? I never saw it. 9210 has qwerty keyboard. > > i bet if you programmed one, you'd wish you have posix > > interface. > > That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be > absolutely *rock solid*. Look at the 5110, that's just about perfect. The > 7110, on the other hand ... And point is? > > > > that also explain why win95 user doesn't want to use NT. not > > > > because they can't afford it (belive me, here NT costs only > > > > us$2), but additional headache isn't acceptable. > > > > > > So, let them stay in Win95. They don't *need* NT. > > > > and how's stability, speed, etc. they read. is there a linux > > advocate around here? > > There are Linux advocates, but I'd say most of us are sane enough to use the > right-tool-for-the-job approach. And UNIX on a phone is pure > overkill. Is it? Let's see. You want your mobile phone to read mail. That's SMTP. Oh, and SMTP needs to run over something. That's TCP/IP over PPP or SLIP. Oh and you want web access. Add HTTP to the list. [above is reasonable even for "normal" mobile phone; those below require keyboard] You'd like to ssh from your mobile phone. Add ssh. You'd like to ssh *to* your mobile phone, because it keyboard sucks. That sshd. You'd like to be able to let others to play games on your mobile phone, oh that means multiuser mode. You see? Linux has much stuff you'll need. > > okay, it wouldn't cost me. but it surely easier if everybody used > > linux, so i could put my ext2 disk everywhere i want. > > > > hey, it's obvious that it's not for a server! > > i try to point out a problem for people not on this list, don't > > work around that problem. > > Your sister won't notice much advantage. Linux on a workstation actually has > *disadvantages* (unfamiliar interface, unintuitive same, etc), as opposed to > 'Doze on a workstation. Sure it's more stable, and the tiniest bit faster, > but what's that really matter to your sister, if she can't even figure out > how to use it? My brother is 10 and he uses suse7.2 installation just fine. He likes it more than windoze 2000 (I deleted) because there are more games in kde than in windows. [I'd prefer gnome.] > -d, who owns a 7110 and can lock it solid, or get it to do funny resetting > tricks, at least once every 2 days Hmm, maybe your 7110 needs memory protection so that runaway calendar can not hurt basic functions? ;-). Pavel -- I'm [EMAIL PROTECTED] "In my country we have almost anarchy and I don't care." Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Helge Hafting wrote: > You were talking about how a notebook is a personal thing, > with only one user. Well, the notebook user do of course want to > do a bunch of nifty things like read email on the thing. Guess what, > you need an email daemon for that! And many users don't want to know > the details of setting up an email daemon, so the distribution > install one by default. This kind of users would be outraged if > the distribution didn't - "what - I have to install more stuff just to > get my mail! windows do that out of the box why is this so difficult..." You don't need to be running an e-mail daemon just to read e-mail. -- = Mohammad A. Haque http://www.haque.net/ [EMAIL PROTECTED] "Alcohol and calculus don't mix. Project Lead Don't drink and derive." --Unknown http://wm.themes.org/ [EMAIL PROTECTED] = - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
[OT] linux on pda was Re: [PATCH] Single user linux
On Fri, 27 Apr 2001, Robert Varga wrote: > On Wed, Apr 25, 2001 at 10:34:56AM +1000, Daniel Stone wrote: > > On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote: > > > > > Quit being a naysayer. UNIX on a PDA is a wet dream. > > > > What real value does it have, apart from the geek "look at me, I'm using > > > > bash" value? Hmm...How about free and open source, uniform app base, easy access by third party vendors. Also it seems to me last I checked PDA's were at least equvalent to the 386 which is ostensibly the bottom linux rung. As for the objection about slow compile times, get real. No PDA is going to compile anything. All compilations happen on your desktop with a crosscompiler. PDA's are for running handy little apps, not development work. Or are we saying M$ CE is as good as it gets. :P Jay - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Fri, Apr 27, 2001 at 03:12:39PM +0200, Robert Varga wrote: > On Wed, Apr 25, 2001 at 10:34:56AM +1000, Daniel Stone wrote: > > On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote: > > > > What real value does it have, apart from the geek "look at me, I'm using > > > > bash" value? > > > > > > It means I can do anything on my ipaq I can do anywhere else. I can run > > > multiple apps at a time. I can run X11. I can run the palm emulator even ;) > > > > How long does it take you to write "date"? Plus, aren't you content with > > IRCing on your *phone*? ;) > > Okay. Does the word *choice* ring a bell ? Agenda VR3s are supplied with Linux > kernel (modified), and it gives you the freedom to choose what kind of SW > you want to use -- hey, it's linux and when the app fits in the memory, > there's no stopping you. Different look and feel? Different graffitti? Different > kernel? You name it and you got it (well mostly) ;-) I know all this, see my very first point above. I just can't see the real practical value. I'd more than likely find a Palm more productive, as it's simple, does one task, and does it well. If I wanted to buy a PDA, I'd get a Palm. If I wanted to buy a miniature laptop, I'd get a PictureBook or somesuch. I just can't see the practical use. -- Daniel Stone [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, Apr 25, 2001 at 10:34:56AM +1000, Daniel Stone wrote: > On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote: > > > > Quit being a naysayer. UNIX on a PDA is a wet dream. > > > What real value does it have, apart from the geek "look at me, I'm using > > > bash" value? > > > > It means I can do anything on my ipaq I can do anywhere else. I can run > > multiple apps at a time. I can run X11. I can run the palm emulator even ;) > > How long does it take you to write "date"? Plus, aren't you content with > IRCing on your *phone*? ;) > > > Its the same reason Linux is valuable on an S/390 mainframe. Its a common pool > > of apps, environments and tools. Anything your PC can do, my ipaq can do. > > OK. "time make bzImage". Of course, mine's really slow (and I will consider > myself publically humiliated if my only Linux machine is beaten on a kernel Okay. Does the word *choice* ring a bell ? Agenda VR3s are supplied with Linux kernel (modified), and it gives you the freedom to choose what kind of SW you want to use -- hey, it's linux and when the app fits in the memory, there's no stopping you. Different look and feel? Different graffitti? Different kernel? You name it and you got it (well mostly) ;-) -- Kind regards, Robert Varga -- [EMAIL PROTECTED] http://hq.sk/~nite/gpgkey.txt PGP signature
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, John Cavan wrote: > I think you have it backwards here, given that Linux works one way and you yeah, it was a patch for linux, but i wasn't thinking linux. there are quite many os out there. and i don't think they're different just because they have programmers with different intelligence level. > If you can't prove the case, I rather suspect that your patch won't make > it. Don't feel bad though, I've yet to get one through either. :o) oh no, that patch was useful to explain the idea. i don't even think it's the right way. but it's a good way to exercise the idea. well, thanks anyway. imel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: > i don't understand, that patch is configurable with 'n' as > default, marked "dangerous". so somebody who turned on that > option must be know what he's doing, doesn't understand english, > or has a broken monitor. This is a very marginal thing that very few people will want or need. (You may think it is nifty - but we disagree on that) If everybody get their favourite patch in with a config option then we get a huge amount of config options, and maintainig the kernel will be much harder because there is thousands of ifdefs for all sorts of rare stuff. There will be your 5 ifdefs, and 26000 other people's 5 ifdefs. Someone making a change will have to check if it works, but will it work with all sorts of combinations of config options? What if someone makes a change that works fine, but makes the kernel uncompileable if your option is turned on? This guy didn't check your config option because he never use it himself... The maintainability issue is why kernel patches usually aren't accepted when the problem can be solved by changing the userspace configuration instead. (In your case by sybstituting "bash" for "getty" in /etc/inittab) This is the case even with very good things - fsck is a userspace program even though it is necessary for any system with a writeable filesystem. You have another problem with the way all the leading developers dislike your idea - buteven trying to convince them is useless as you _still_ run up against "this feature is _easily_ done in userspace" > > If you really want optimization, remove all security instead of > > merely killing a few basic tests. > > those tests responsible for almost all EACCESS & EPERM. Sure, but now you have a lots of if(1) {something} else {other thing} and a better optimization would be to get rid of the entire test. There is a lot of errors that can't happen with your patch, so you really ought to remove the error handling cases too if optimization is what drives you. > > > The notebook user might not care or understand about > > multi-user security, but it is still useful. The user > > have several daemons running that he don't know about, > > they were installed by the distribution. > > The security system can protect files from buggy > > or cracked daemons. > > must be a devil cursed distro, distributing "single-user" > kernel with live daemons. a division of redmon? Is there something you don't understand, or do you really want to run one process at a time? You were talking about how a notebook is a personal thing, with only one user. Well, the notebook user do of course want to do a bunch of nifty things like read email on the thing. Guess what, you need an email daemon for that! And many users don't want to know the details of setting up an email daemon, so the distribution install one by default. This kind of users would be outraged if the distribution didn't - "what - I have to install more stuff just to get my mail! windows do that out of the box why is this so difficult..." There are several other examples of things users _expect_ from a notebook, which just happens to include a daemon process running under a different user-id for safety reasons. (For example the print spooler daemon. Users want to print, and unix is nice in that you don't have to wait for the printer - you can go on editing something else while the printer slowly does its work thanks to the print spooler daemon. This one is installed by default too.) They only ever _log in_ as one user, so the login prompt can safely be eliminated in order to avoid the password hassle. But you still want the multi-user security. Please try to understand that the kernels concept of a "user" don't mean a "person"! There is only one "person" using his/her very personal device - the unix concept of users is a file security thing. You don't want an error in the mail software to use up all the diskspace or overwrite your word processing files. And you don't want a printer driver problem to mess up your mail or your personal files. All these little things is included in good distributions, and they don't cause serious trouble because they are all protected against each other. Your machine is multi-user even if it is strictly single-person! If all this is new to you, please read up on unix before suggesting too much. _Uninformed_ patches easily becomes a nuance, good patches is usually written by people who know very well what they work on. Excellent knowledge of C isn't enough. > > > And protecting the > > configuration (and essential stuff like the user's GUI) from > > being deleted by user accident is still a good thing. > > > > The user who don't need password security can still have a "safe" > > SUID admin program for necessary tasks like changing the > > dialup phone number even though it resides in a protected > > file. So you definitely want the protection system, even > > in a "personal" appliance running linux.
Re: [PATCH] Single user linux
[EMAIL PROTECTED] writes: > i wrote somewhere that it was my mistake to call it single-user when i > mean all user has the same root cap, and reduce "user" (account) to > "profile". Seen this way it makes a tad more sense: 1. you and your spouse share the computer 2. you have different shells, mail folders, etc. 3. both of you are too lazy to use su or sudo It isn't really bright having UID 0 have properties that can't sanely be granted to other UIDs. Sure, we have the capability bits, but just try using them. On the "would be nice" list goes the ability to grant capabilities to a user, and the Novell-like ability to grant one user complete access to the files of another user without mucking with the permission bits on disk. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, John Cavan wrote: I think you have it backwards here, given that Linux works one way and you yeah, it was a patch for linux, but i wasn't thinking linux. there are quite many os out there. and i don't think they're different just because they have programmers with different intelligence level. If you can't prove the case, I rather suspect that your patch won't make it. Don't feel bad though, I've yet to get one through either. :o) oh no, that patch was useful to explain the idea. i don't even think it's the right way. but it's a good way to exercise the idea. well, thanks anyway. imel - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] writes: i wrote somewhere that it was my mistake to call it single-user when i mean all user has the same root cap, and reduce user (account) to profile. Seen this way it makes a tad more sense: 1. you and your spouse share the computer 2. you have different shells, mail folders, etc. 3. both of you are too lazy to use su or sudo It isn't really bright having UID 0 have properties that can't sanely be granted to other UIDs. Sure, we have the capability bits, but just try using them. On the would be nice list goes the ability to grant capabilities to a user, and the Novell-like ability to grant one user complete access to the files of another user without mucking with the permission bits on disk. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: i don't understand, that patch is configurable with 'n' as default, marked dangerous. so somebody who turned on that option must be know what he's doing, doesn't understand english, or has a broken monitor. This is a very marginal thing that very few people will want or need. (You may think it is nifty - but we disagree on that) If everybody get their favourite patch in with a config option then we get a huge amount of config options, and maintainig the kernel will be much harder because there is thousands of ifdefs for all sorts of rare stuff. There will be your 5 ifdefs, and 26000 other people's 5 ifdefs. Someone making a change will have to check if it works, but will it work with all sorts of combinations of config options? What if someone makes a change that works fine, but makes the kernel uncompileable if your option is turned on? This guy didn't check your config option because he never use it himself... The maintainability issue is why kernel patches usually aren't accepted when the problem can be solved by changing the userspace configuration instead. (In your case by sybstituting bash for getty in /etc/inittab) This is the case even with very good things - fsck is a userspace program even though it is necessary for any system with a writeable filesystem. You have another problem with the way all the leading developers dislike your idea - buteven trying to convince them is useless as you _still_ run up against this feature is _easily_ done in userspace If you really want optimization, remove all security instead of merely killing a few basic tests. those tests responsible for almost all EACCESS EPERM. Sure, but now you have a lots of if(1) {something} else {other thing} and a better optimization would be to get rid of the entire test. There is a lot of errors that can't happen with your patch, so you really ought to remove the error handling cases too if optimization is what drives you. The notebook user might not care or understand about multi-user security, but it is still useful. The user have several daemons running that he don't know about, they were installed by the distribution. The security system can protect files from buggy or cracked daemons. must be a devil cursed distro, distributing single-user kernel with live daemons. a division of redmon? Is there something you don't understand, or do you really want to run one process at a time? You were talking about how a notebook is a personal thing, with only one user. Well, the notebook user do of course want to do a bunch of nifty things like read email on the thing. Guess what, you need an email daemon for that! And many users don't want to know the details of setting up an email daemon, so the distribution install one by default. This kind of users would be outraged if the distribution didn't - what - I have to install more stuff just to get my mail! windows do that out of the box why is this so difficult... There are several other examples of things users _expect_ from a notebook, which just happens to include a daemon process running under a different user-id for safety reasons. (For example the print spooler daemon. Users want to print, and unix is nice in that you don't have to wait for the printer - you can go on editing something else while the printer slowly does its work thanks to the print spooler daemon. This one is installed by default too.) They only ever _log in_ as one user, so the login prompt can safely be eliminated in order to avoid the password hassle. But you still want the multi-user security. Please try to understand that the kernels concept of a user don't mean a person! There is only one person using his/her very personal device - the unix concept of users is a file security thing. You don't want an error in the mail software to use up all the diskspace or overwrite your word processing files. And you don't want a printer driver problem to mess up your mail or your personal files. All these little things is included in good distributions, and they don't cause serious trouble because they are all protected against each other. Your machine is multi-user even if it is strictly single-person! If all this is new to you, please read up on unix before suggesting too much. _Uninformed_ patches easily becomes a nuance, good patches is usually written by people who know very well what they work on. Excellent knowledge of C isn't enough. And protecting the configuration (and essential stuff like the user's GUI) from being deleted by user accident is still a good thing. The user who don't need password security can still have a safe SUID admin program for necessary tasks like changing the dialup phone number even though it resides in a protected file. So you definitely want the protection system, even in a personal appliance running linux. Because it protects against stupid mistakes like experimenting with
Re: [PATCH] Single user linux
On Wed, Apr 25, 2001 at 10:34:56AM +1000, Daniel Stone wrote: On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote: Quit being a naysayer. UNIX on a PDA is a wet dream. What real value does it have, apart from the geek look at me, I'm using bash value? It means I can do anything on my ipaq I can do anywhere else. I can run multiple apps at a time. I can run X11. I can run the palm emulator even ;) How long does it take you to write date? Plus, aren't you content with IRCing on your *phone*? ;) Its the same reason Linux is valuable on an S/390 mainframe. Its a common pool of apps, environments and tools. Anything your PC can do, my ipaq can do. OK. time make bzImage. Of course, mine's really slow (and I will consider myself publically humiliated if my only Linux machine is beaten on a kernel Okay. Does the word *choice* ring a bell ? Agenda VR3s are supplied with Linux kernel (modified), and it gives you the freedom to choose what kind of SW you want to use -- hey, it's linux and when the app fits in the memory, there's no stopping you. Different look and feel? Different graffitti? Different kernel? You name it and you got it (well mostly) ;-) -- Kind regards, Robert Varga -- [EMAIL PROTECTED] http://hq.sk/~nite/gpgkey.txt PGP signature
Re: [PATCH] Single user linux
Hi! Since when, did mobile phones == computers? read the news! i'm programming nokia 9210 with c++, is that computer enough? Aah. I see. Where was this? I never saw it. 9210 has qwerty keyboard. i bet if you programmed one, you'd wish you have posix interface. That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be absolutely *rock solid*. Look at the 5110, that's just about perfect. The 7110, on the other hand ... And point is? that also explain why win95 user doesn't want to use NT. not because they can't afford it (belive me, here NT costs only us$2), but additional headache isn't acceptable. So, let them stay in Win95. They don't *need* NT. and how's stability, speed, etc. they read. is there a linux advocate around here? There are Linux advocates, but I'd say most of us are sane enough to use the right-tool-for-the-job approach. And UNIX on a phone is pure overkill. Is it? Let's see. You want your mobile phone to read mail. That's SMTP. Oh, and SMTP needs to run over something. That's TCP/IP over PPP or SLIP. Oh and you want web access. Add HTTP to the list. [above is reasonable even for normal mobile phone; those below require keyboard] You'd like to ssh from your mobile phone. Add ssh. You'd like to ssh *to* your mobile phone, because it keyboard sucks. That sshd. You'd like to be able to let others to play games on your mobile phone, oh that means multiuser mode. You see? Linux has much stuff you'll need. okay, it wouldn't cost me. but it surely easier if everybody used linux, so i could put my ext2 disk everywhere i want. hey, it's obvious that it's not for a server! i try to point out a problem for people not on this list, don't work around that problem. Your sister won't notice much advantage. Linux on a workstation actually has *disadvantages* (unfamiliar interface, unintuitive same, etc), as opposed to 'Doze on a workstation. Sure it's more stable, and the tiniest bit faster, but what's that really matter to your sister, if she can't even figure out how to use it? My brother is 10 and he uses suse7.2 installation just fine. He likes it more than windoze 2000 (I deleted) because there are more games in kde than in windows. [I'd prefer gnome.] -d, who owns a 7110 and can lock it solid, or get it to do funny resetting tricks, at least once every 2 days Hmm, maybe your 7110 needs memory protection so that runaway calendar can not hurt basic functions? ;-). Pavel -- I'm [EMAIL PROTECTED] In my country we have almost anarchy and I don't care. Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, Apr 26, 2001 at 09:35:45PM +0200, Pavel Machek wrote: Hi! Hola. read the news! i'm programming nokia 9210 with c++, is that computer enough? Aah. I see. Where was this? I never saw it. 9210 has qwerty keyboard. He said read the news. I've seen the 9110 and 9210's, I was asking where this news was. i bet if you programmed one, you'd wish you have posix interface. That may be so, so hack up your own OS. It's a MOBILE PHONE, it needs to be absolutely *rock solid*. Look at the 5110, that's just about perfect. The 7110, on the other hand ... And point is? The point is that you need a known good, absolutely rock-solid OS to do it, and IMHO, you really need a customised job, not something like Linux, which is a monolith in comparison. and how's stability, speed, etc. they read. is there a linux advocate around here? There are Linux advocates, but I'd say most of us are sane enough to use the right-tool-for-the-job approach. And UNIX on a phone is pure overkill. Is it? Let's see. You want your mobile phone to read mail. That's SMTP. Oh, and SMTP needs to run over something. That's TCP/IP over PPP or SLIP. Oh and you want web access. Add HTTP to the list. In the mobile world, that is *all* WAP. [above is reasonable even for normal mobile phone; those below require keyboard] You'd like to ssh from your mobile phone. Add ssh. You'd like to ssh *to* your mobile phone, because it keyboard sucks. That sshd. You'd like to be able to let others to play games on your mobile phone, oh that means multiuser mode. I'd *like* to, sure, but this is impractical because the mobile links suck so hard. Dunno about you, but it takes a few seconds to pull in a 1k page. Ugh. SSH? Games, sure, I point my phone at a 7110 or 6210 and I can play 2-player Snake 2 :) You see? Linux has much stuff you'll need. True, but you have to be wary of overkill, like I said. Your sister won't notice much advantage. Linux on a workstation actually has *disadvantages* (unfamiliar interface, unintuitive same, etc), as opposed to 'Doze on a workstation. Sure it's more stable, and the tiniest bit faster, but what's that really matter to your sister, if she can't even figure out how to use it? My brother is 10 and he uses suse7.2 installation just fine. He likes it more than windoze 2000 (I deleted) because there are more games in kde than in windows. [I'd prefer gnome.] I've used RedHat since I was about 11, Debian since 13. It's not that hard, if you can just get used to it. But you're playing with yourself if you think that KDE has more games than Win2k ... Black White? All the Star Wars games? etc ... I know a lot of them are being ported to Linux, most via Loki, but still ... (I use GNOME, and the panel giving me Bus errors is starting to annoy me). -d, who owns a 7110 and can lock it solid, or get it to do funny resetting tricks, at least once every 2 days Hmm, maybe your 7110 needs memory protection so that runaway calendar can not hurt basic functions? ;-). Oh, I think it's just to do with changing state, seeing as most of the lockups I get are when I hit keys really, really quickly in sequence, and one lands just as the screen's blank, and it's changing state (snake 2 can also kill it). -- Daniel Stone [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
agenda vtech helio [was Re: [PATCH] Single user linux]
Hi! And UNIX on a phone is pure overkill. Quit being a naysayer. UNIX on a PDA is a wet dream. http://www.agendacomputing.com/ (not that the reviews have been very kind) Nor has an official product been released. Reviewing hardware and software in open development model before it is officially stamped final release is unfair to say the least. I follow the agenda list and it is a nice piece of hardware and the software Is there agenda emulator, somewhere? Is there their root filesystem available for download? [Besides, anyone knows of vtech helio emulator for linux? Only version I saw was windows...] I'm running linux on philips velo, which is similar to agenda, and I guess I could use some of their stuff. (Anybody knows about support of audio on r39xx companion chip? Or about voltmeters support?) Pavel -- I'm [EMAIL PROTECTED] In my country we have almost anarchy and I don't care. Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Hi! What real value does it have, apart from the geek look at me, I'm using bash value? I don't really want to get into it at the moment, but imagine hacking netfilter without lugging a laptop around. PDA's are sleek and cool, and using UNIX on them lets you write shell scripts to sort your addresses and stuff like that. Basically it's everything that's cool about Unix as a workstation OS scaled down to PDA-size. True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a tab! not space! you just broke my makefiles! aargh!), and compiling So you telnet to your PDA from some real machine. And you don't need to write C code in order for unix environment to be usable. 50% of unix users I know use it for pine/mutt emacs/vi talk/irc/mud kind of stuff. Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. Hrmz. How many hours? I'd say less than minute. In todays PDAs, 80MHz mips cpu is *slow*. Pavel -- I'm [EMAIL PROTECTED] In my country we have almost anarchy and I don't care. Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Hi! OK. time make bzImage. Of course, mine's really slow (and I will consider myself publically humiliated if my only Linux machine is beaten on a kernel compile by an iPAQ). I 'spose, if it only goes into suspend, the ability to write uptime on it constitutes a walking penis extension after a while? When I first started I compiled my linux kernels on a 386 dx with 8 mb ram heh. I think a lot of the current PDAs are faster. My pocket computer is 40MHz mips r3902, likely faster than your 386dx. That's 3 years old. Anything you can buy today is at least twice as fast. [hell, I saw 8MB ram 2MB flash 80MHz mips machine in size of palm for $100 (vtech helio) -- I'll tell you where to buy it when you ask.] Pavel -- I'm [EMAIL PROTECTED] In my country we have almost anarchy and I don't care. Panos Katsaloulis describing me w.r.t. patents at [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: agenda vtech helio [was Re: [PATCH] Single user linux]
Pavel Machek [EMAIL PROTECTED] sez: available for download? [Besides, anyone knows of vtech helio emulator for linux? Only version I saw was windows...] http://www.kernelconcepts.de/helio/helio-emulator-1.0.6b.tar.gz Works slowly, but okay. Your X server must be set to 15 or 16bpp. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, Apr 26, 2001 at 09:41:13PM +0200, Pavel Machek wrote: When I first started I compiled my linux kernels on a 386 dx with 8 mb ram heh. I think a lot of the current PDAs are faster. My pocket computer is 40MHz mips r3902, likely faster than your 386dx. That's 3 years old. Anything you can buy today is at least twice as fast. [hell, I saw 8MB ram 2MB flash 80MHz mips machine in size of palm for $100 (vtech helio) -- I'll tell you where to buy it when you ask.] The Compaq iPaq uses an Intel StrongARM SA1110 CPU running at 190MHz. Integer performance for a 221MHz SA1110 is comparable with a Pentium 180 (on the average), so I guess that the iPaq performance is compatable with a P166. Erik -- J.A.K. (Erik) Mouw, Information and Communication Theory Group, Department of Electrical Engineering, Faculty of Information Technology and Systems, Delft University of Technology, PO BOX 5031, 2600 GA Delft, The Netherlands Phone: +31-15-2783635 Fax: +31-15-2781843 Email: [EMAIL PROTECTED] WWW: http://www-ict.its.tudelft.nl/~erik/ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Not to mention fold up keyboard, IBM microdrive, etc. So you can run the ARM Debian distro either via NFS (with the problems that entails), or even locally on a microdrive (or I suppose you could also play with an IDE or SCSI controller if you were really insane). On the kernel software side, we also have IPV6/mobile IP running. We're using Dave Woodhouse's JFFS2 with compression for our file system (Compressed journalling flash file system) on flash. In terms of apps, various PIM stuff, though needs lots of work, other goodies like GPS applications, etc. Mozilla in previous versions has been known to work. Tons of games, doom, etc. MP3 players (at least 3). Gnome core libraries. Python, Java 2 standard edition, swing, all running etc. Lots of work/fun left to do, of course, in all areas. Shall we just say we're having lots and lots and lots of fun :-). These are real computers. Lots of dust in the air: lots should have settled by June. In particular, look at the Familiar work. See www.handhelds.org. I apologize about the state of our web site: I've done much of the maintenance in the past, but I've been out for some surgery and life has been insane ever since. Most of the interesting stuff is in the Wiki. And iPAQ's are not as unobtanium as they once were: we're in really high volume production (100K/month) but demand still outstrips supply (sigh...). Come join the party... - Jim Gettys Sender: [EMAIL PROTECTED] From: Disconnect [EMAIL PROTECTED] Date: Wed, 25 Apr 2001 10:17:55 -0400 To: Ronald Bultje [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [PATCH] Single user linux - On Wed, 25 Apr 2001, Ronald Bultje did have cause to say: Who says it needs to compile? Who says it needs software installed? Who says it needs to run the software itself? My current project (and I'm just waiting for nfs and wvlan_cs to stabalize on ARM before putting the final touches on it) is an ipaq nfsrooted to a Debian image, over the wireless lan. Works like a champ, and it -does- compile stuff reasonably fast (well, reasonably fast considering the data is all on the far side of 11M/sec wireless.) My kit is mostly portable as well, since the nfs server is on the libretto and runs just fine in my backpack ;) The next step is bludgeoning debian-arm into not running 50-100 little servers I don't need on my PIM. But that may be the function of a task-nfs-ipaq package or some such. So far -multiuser- linux on PIMs (true linux, with X, etc, as distinct from pocketlinux/qpe/etc, which are a different animal in this case) is almost there. Web browsers are coming along nicely (and remote-X netscape is usable, although barely) and there are several nice imap clients. (and input methods ranging from a handwriting system to a little onscreen keyboard, if you are in a situation where an external keyboard is not feasable.) --- -- Jim Gettys Technology and Corporate Development Compaq Computer Corporation [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
> > On Thu, 26 Apr 2001, Ian Stirling wrote: > > > Also, there is another reason. > > If you'r logged in as root, then any exploitable bug in large programs, > > be it netscape, realplayer, wine, vmware, ... means that the > > cracker owns your machine. > Heh. You receive all your email on your root account? Nope. For historical reasons (I gave out this address before I started using linux) and mail to root here does not actually go to root. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001 [EMAIL PROTECTED] wrote: > > On Thu, 26 Apr 2001, [iso-8859-1] Rasmus Bøg Hansen wrote: > > > i'd be happy to accept proof that multi-user is a solution for > > > clueless user, not because it's proven on servers. but because it is > > > a solution by definition. > > > > Let's turn the question the other way. It's you trying to convince > > us, that everyone needs root access. What does a clueless user need root > > access for? > > what work around what? right now it's the kernel who thinks that root > is special, and applications work around that because there's a > division of super-user and plain user. is that a must? Basically yes. But if you do not want _any_ security - you can drop it. I started using Linux (and unix in general) in '96 (thanks Linus). And now - feelin like an experienced linux (unix) user I feel more like ever, I do _not_ want to be root You do not understand the unix security aspects. You do not want unix security and do not want unix. Then stop using it. People from redmond allow you to trash your system without any special effort. Stop bugging us. Have you noticed you never got response from Linus? He is probably still laughing (or feeling pissed off) - Stop trashing his (good) work, I know he is not the only one (I thank every Linux developer)... Did you ever realize, that the unix security model hasn't changed radically for 30 years? Beacause what? It is (opposite your patch) mostly good. > it's trivial to say that in multi-user system, one user shall not mess > with other user. in multi-process, a process shall not mess with other > process. Ok. If you want to fuck up other people's processes, do it. Kill init and get strange panics. If you want to crash other people's work, do it. But begone from _my_ box Go to a bar and get drunk (as you do not seem to have anything better to use your time for),. > but when it comes to a computer which only has one user, why would > it stop a user. because the kernel thinks it isn't right? if he > felt like killing random process, which is owned by other than the > user, is it a wrong thing to do? he owns the computer, he may do > anything he wants. Yeah. If he wants to do that he logs in as root. 'killall -1'? 'dd if=/dev/zero of=/dev/kcore'. Yeah, crash your computer if you want. But the 'clueless user does not want to'! > and i'm not even trying to convince anyone. communicating is > closer. Who are you not trying to convince? You propose a patch - you try to convince us to drop the unix secuity model... > > And if you really want everybody to have access to all files, you can > > just do a 'chmod 777 /'. Perhaps set it up as a cronjob to run daily? > > > Besides you write, that a distro shipping single-user is evil. So you > > want the clueless user to recompile his own kernel to enable single-user > > iff that distro starts up daemons. Or the user starts up daemons. He has root privileges after all. > > mode (why do at all call it 'single-user' when you still have different > > i wrote somewhere that it was my mistake to call it single-user when i > mean all user has the same root cap, and reduce "user" (account) to > "profile". Ok. My mistake. You want to use 'user profiles' but not use the advantages... You don't have to. You can use Windows if you want to. You can just use root. As long as you do not hack /sbin/login or xdm, you will still have to type login/password - no win, no gain. If it wasn't for the nips, being so good at bulding ships the yards would still be open in the clyde get out to a war and get shot! Rasmus -- -- [ Rasmus 'Møffe' Bøg Hansen ] -- I don't suffer from insanity, i enjoy every minute of it! - [ moffe at amagerkollegiet dot dk ] - - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, Ian Stirling wrote: > Also, there is another reason. > If you'r logged in as root, then any exploitable bug in large programs, > be it netscape, realplayer, wine, vmware, ... means that the > cracker owns your machine. > If they are not, then the cracker has to go through another significant > hoop, in order to get access to the machine. > For optimal security, you can do things like running netscape and other > apps under unpriveledged users, where they only have access to their own > files. > > (Note, netscape/.. are just used as examples, I'm not saying they are > more buggy than others, just large, and hard to get bug-free) > Heh. You receive all your email on your root account? -- = Mohammad A. Haque http://www.haque.net/ [EMAIL PROTECTED] "Alcohol and calculus don't mix. Project Lead Don't drink and derive." --Unknown http://wm.themes.org/ [EMAIL PROTECTED] = - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001 [EMAIL PROTECTED] wrote: > you're right, we could do it in more than one way. like copying > with mcopy without mounting a fat disk. the question is where to put it. > why we do it is an important thing. > taking place as a clueless user, i think i should be able to do anything. > i'd be happy to accept proof that multi-user is a solution for > clueless user, not because it's proven on servers. but because it is > a solution by definition. > I think you have it backwards here, given that Linux works one way and you want it to work another. Basically, I would suggest that it is up to you to prove that multi-user is NOT a solution for "clueless" user, especially given that there have been a number of suggestions on how to do it without changing the kernel or even changing software. If you can't prove the case, I rather suspect that your patch won't make it. Don't feel bad though, I've yet to get one through either. :o) John - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
> > > On Thursday, April 26, 2001, at 07:03 AM, <[EMAIL PROTECTED]> wrote: > > he owns the computer, he may do anything he wants. > Any OS worth its weight in silicon will make a distinction between > blessed and unblessed users. It can be phrased in different ways -- > root vs. non-root, admin vs. non-admin. But no one should EVER log in > to a machine as root. Period. (1) Also, there is another reason. If you'r logged in as root, then any exploitable bug in large programs, be it netscape, realplayer, wine, vmware, ... means that the cracker owns your machine. If they are not, then the cracker has to go through another significant hoop, in order to get access to the machine. For optimal security, you can do things like running netscape and other apps under unpriveledged users, where they only have access to their own files. (Note, netscape/.. are just used as examples, I'm not saying they are more buggy than others, just large, and hard to get bug-free) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
At 09:03 PM 4/26/01 +0700, you wrote: >right now it's the kernel who thinks that root >is special, and applications work around that because there's a >division of super-user and plain user. is that a must? Short answer: Yes. Long answer: The division is artificial, but is absolutely necessary for administration of a Unix-type system. For example, when the process currently running is not running as a "superuser" process, the process cannot run resources down to absolute zero -- think disk allocation. This means that the administrator (who may be the same person as the "user") has a chance of being able to recover from a runaway process gracefully by being able to go in and kill that process before the whole system lays down and dies. Ever watch what happens when Windows runs out of "swap space" because the swap file can't get any space? Ever try to recover from it? Make damn sure you have the non-upgrade CD around when you try this. Even more important, make sure you have multiple back-ups when you try this. The whole point of "user" and "superuser" is that when the user does something stupid or careless or even malicious, the superuser can bail the system out. You don't usually work in superuser mode, and programs that don't need superuser access don't get it. Humans make mistakes a number of orders of magnitude more often than computers do. The barrier helps minimize the damage. Satch - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thursday, April 26, 2001, at 07:03 AM, <[EMAIL PROTECTED]> wrote: > he owns the computer, he may do anything he wants. This sentence really stood out for me, and implies a profound lack of understanding of multi-user machines. No offense intended. I've been a Unix admin for over ten years, and I like to think that I know my way around pretty well. But I do not and will NEVER log in to a machine as root to do work. I am the only user of my MacOS X laptop and home Linux boxes, and I still have my own personal login on all of them. What's at issue is not ownership or trust, but one of accountability and safety. Any OS worth its weight in silicon will make a distinction between blessed and unblessed users. It can be phrased in different ways -- root vs. non-root, admin vs. non-admin. But no one should EVER log in to a machine as root. Period. (1) Multi-user/modern operating systems exist precisely to destroy the fatal flaw that you are attempting to reintroduce. Users should have reduced privileges during normal use, and conditional privilege on demand. Safe from User Error and no less functional on GUI-based systems. People keep saying this, but I'll say it again. This can easily be done in user-space. This HAS been done. Many times. Well. It's possible to put a user in privileged mode automatically, but I'm not convinced that an extra prompt to go into privileged mode is a bad thing from a usability standpoint. So it doesn't need to be in the kernel. And why put it there if it doesn't need to be? Even if it's off by default, it's bloat. And dangerous, conceptually flawed bloat that can't be disabled with 'chkconfig' or 'rpm -e'. And how many people will use it? And should the kernel group allow them to from an out-of-box kernel? As I understand it, part of the responsibility of the maintainers is to maintain a conceptually focused kernel. There's nothing preventing you from distributing your patch, but inserting this into "the" kernel seems unacceptable IMVHO. I think we understand the "why" of your patch, but I think you need to elucidate further on how the ends justify the means. Sorry to kick a dead horse, -- Ken. [EMAIL PROTECTED] (1) Except for gnarly testbed/admin machines, etc. etc. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, [iso-8859-1] Rasmus Bøg Hansen wrote: > > i'd be happy to accept proof that multi-user is a solution for > > clueless user, not because it's proven on servers. but because it is > > a solution by definition. > > Let's turn the question the other way. It's you trying to convince > us, that everyone needs root access. What does a clueless user need root > access for? what work around what? right now it's the kernel who thinks that root is special, and applications work around that because there's a division of super-user and plain user. is that a must? it's trivial to say that in multi-user system, one user shall not mess with other user. in multi-process, a process shall not mess with other process. but when it comes to a computer which only has one user, why would it stop a user. because the kernel thinks it isn't right? if he felt like killing random process, which is owned by other than the user, is it a wrong thing to do? he owns the computer, he may do anything he wants. and i'm not even trying to convince anyone. communicating is closer. > > And if you really want everybody to have access to all files, you can > just do a 'chmod 777 /'. Perhaps set it up as a cronjob to run daily? > > Besides you write, that a distro shipping single-user is evil. So you > want the clueless user to recompile his own kernel to enable single-user iff that distro starts up daemons. > mode (why do at all call it 'single-user' when you still have different i wrote somewhere that it was my mistake to call it single-user when i mean all user has the same root cap, and reduce "user" (account) to "profile". imel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On 2001.04.26 13:31:54 +0200 [EMAIL PROTECTED] wrote: > On Thu, 26 Apr 2001, Helge Hafting wrote: > > The linux kernel ought to be flexible, so most people can use > > it as-is. It can be used as-is for your purpose, and > > it have been shown that this offer more security _without_ > > inconvenience. Your patch however removes multi-user security > > for the many who needs it - that's why it never will get accepted. > > Feel free to run your own patched kernels - but your > > patch will never make it here. > > i don't understand, that patch is configurable with 'n' as > default, marked "dangerous". so somebody who turned on that > option must be know what he's doing, doesn't understand english, > or has a broken monitor. I can make a virus, patch the kernel and send it in, with a 'N' by default. But what is the use of this? Do you think this will be implemented??? Your thing is as dangerous as a virus, basically. It gives root to everyone, although they have separate UIDs. And whenever there is a way out (i.e. surfing the web, reading mail), there is a way in. So that would make your system a very nice target to hack -> since you basically are root this means they can change anything as soon as they have access. If you're not root, they can't, since they can only do what you as a user can do. The whole goal of your patch is to make computer life easier. This patch doesn't do that - it goes far worse. We gave you a few suggestions on better/easier ways to accomplish this goal - take them as advice and use them instead. Easy: chmod -R 777 / (same risk, though) Good: use su for installing software (su -c "make install") Can't get much easier than that (and if a clueless user needs to do this, let him use redhat's RPM manager, "enter your password" with a nice X-window, and press that button "install" - same effect)... You don't need to patch the kernel for this... -- Ronald Bultje - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
> taking place as a clueless user, i think i should be able to do anything. Yeah, I thought so when I started using Linux. I stopped thinking so, when I accidentally blew up the FS on my datadrive and lost nearly _everything_ I had written for 2 years... > i'd be happy to accept proof that multi-user is a solution for > clueless user, not because it's proven on servers. but because it is > a solution by definition. Let's turn the question the other way. It's you trying to convince us, that everyone needs root access. What does a clueless user need root access for? Programming - no. Writing documents - no. Surfing the web - no. Reading email - no. Installing kernels - yes (but a clueless user won't do this). Running viruses, that blow up the entire system - yes. Installing software - yes. But how often do you do that? And is the 'su' really so hard to remember? If you really want to have different uids, why not hack xdm/login to autologin. And when it autologins to a specific user, why do you want different id's? And if you really want everybody to have access to all files, you can just do a 'chmod 777 /'. Perhaps set it up as a cronjob to run daily? Besides you write, that a distro shipping single-user is evil. So you want the clueless user to recompile his own kernel to enable single-user mode (why do at all call it 'single-user' when you still have different ID's?)... The clueless user probably does not even know what the kernel is - and then have to recompile it... Rasmus -- -- [ Rasmus 'Møffe' Bøg Hansen ] -- if (getenv(EDITOR) == "vim") {karma++}; - [ moffe at amagerkollegiet dot dk ] - - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
David Weinehall wrote: > So do us all a favour, send this patch to Linus. I'd give you a 1/10 chance > of getting a reply at all, and a 1/100 that the answer won't > be along the terms of "No way in hell, never!" (possibly worded a bit > different.) If you don't get any response in say a week or so, just give > up. Amusing thing is that he did CC Linus on the patch and Linus hasn't said a peep. I bet Linus laughed his ass off as he deleted the message bit-by-bit. -- = Mohammad A. Haque http://www.haque.net/ [EMAIL PROTECTED] "Alcohol and calculus don't mix. Project Lead Don't drink and derive." --Unknown http://wm.themes.org/ [EMAIL PROTECTED] = - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: > i'd be happy to accept proof that multi-user is a solution for > clueless user, not because it's proven on servers. but because it is > a solution by definition. Clueless user deletes files critical to running the system. '!@#$% Why can't I boot. Oh my gosh!! Linux sucks!' -- = Mohammad A. Haque http://www.haque.net/ [EMAIL PROTECTED] "Alcohol and calculus don't mix. Project Lead Don't drink and derive." --Unknown http://wm.themes.org/ [EMAIL PROTECTED] = - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, Apr 26, 2001 at 07:11:24PM +0700, [EMAIL PROTECTED] wrote: > > On Wed, 25 Apr 2001, John Cavan wrote: > > > Several distributions (Red Hat and Mandrake certainly) offer auto-login > > tools. In conjunction with those tools, take the approach that Apple > > used with OS X and setup "sudo" for administrative tasks on the machine. > > This allows the end user to generally administer the machine without all > > the need to hack the kernel, modify login, operate as root, etc. You can > > even restrict their actions with it and log what they do. > > > > In the end though, I really don't see the big deal with having a root > > user for general home use. Even traditionally stand-alone operating > > > > you're right, we could do it in more than one way. like copying > with mcopy without mounting a fat disk. the question is where to put it. > why we do it is an important thing. > taking place as a clueless user, i think i should be able to do anything. > i'd be happy to accept proof that multi-user is a solution for > clueless user, not because it's proven on servers. but because it is > a solution by definition. Look, all of this is VERY simple. There is only one single person you have to convince to get this into the kernel. And you DO have to convince him, because no matter how many others you try to force this upon, nothing gets into the kernel without the consent of the almighty penguin. So do us all a favour, send this patch to Linus. I'd give you a 1/10 chance of getting a reply at all, and a 1/100 that the answer won't be along the terms of "No way in hell, never!" (possibly worded a bit different.) If you don't get any response in say a week or so, just give up. /David Weinehall _ _ // David Weinehall <[EMAIL PROTECTED]> /> Northern lights wander \\ // Project MCA Linux hacker// Dance across the winter sky // \> http://www.acc.umu.se/~tao/http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001, John Cavan wrote: > Several distributions (Red Hat and Mandrake certainly) offer auto-login > tools. In conjunction with those tools, take the approach that Apple > used with OS X and setup "sudo" for administrative tasks on the machine. > This allows the end user to generally administer the machine without all > the need to hack the kernel, modify login, operate as root, etc. You can > even restrict their actions with it and log what they do. > > In the end though, I really don't see the big deal with having a root > user for general home use. Even traditionally stand-alone operating > you're right, we could do it in more than one way. like copying with mcopy without mounting a fat disk. the question is where to put it. why we do it is an important thing. taking place as a clueless user, i think i should be able to do anything. i'd be happy to accept proof that multi-user is a solution for clueless user, not because it's proven on servers. but because it is a solution by definition. imel - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, Helge Hafting wrote: > The linux kernel ought to be flexible, so most people can use > it as-is. It can be used as-is for your purpose, and > it have been shown that this offer more security _without_ > inconvenience. Your patch however removes multi-user security > for the many who needs it - that's why it never will get accepted. > Feel free to run your own patched kernels - but your > patch will never make it here. i don't understand, that patch is configurable with 'n' as default, marked "dangerous". so somebody who turned on that option must be know what he's doing, doesn't understand english, or has a broken monitor. > If you really want optimization, remove all security instead of > merely killing a few basic tests. those tests responsible for almost all EACCESS & EPERM. > The notebook user might not care or understand about > multi-user security, but it is still useful. The user > have several daemons running that he don't know about, > they were installed by the distribution. > The security system can protect files from buggy > or cracked daemons. must be a devil cursed distro, distributing "single-user" kernel with live daemons. a division of redmon? > And protecting the > configuration (and essential stuff like the user's GUI) from > being deleted by user accident is still a good thing. > > The user who don't need password security can still have a "safe" > SUID admin program for necessary tasks like changing the > dialup phone number even though it resides in a protected > file. So you definitely want the protection system, even > in a "personal" appliance running linux. Because it > protects against stupid mistakes like experimenting > with editing files in the /etc directory on the notebook with > a word processor. Users don't understand why saving in > word processor format might be bad hmm, the other thing i hate is policy. ever consider that you're talking policy? maybe reboot() should sync() first? > A notebook is a particularly bad example. Those with notebooks > might not want to use passwords all the time, but it is > very convenient if you have to leave a notebook with sensitive data > with someone you don't trust. Business secrets or something > as simple as a diary. This kind of users can be logged in > all the time, mostly avoiding passwords. And log out > in those few cases they need to leave the machine in > unsafe places. and that someone who had the notebook can't access sensitive data without a passwd? that's what i'm trying to say. if you carried your server, and leave it in unsafe places, why would anybody try to crack it? just get the harddisks put it in another computer, voila. so much for security. > > - linux is stable not only because security. > Sure, but security definitely adds to its stability. i don't know what you mean by stability. if you meant linux can run a year without a reboot, what security has anything to do with stability? the kernel is stable, yes, do we here linux server got cracked yes, it's still stable though. > > - with that patch, people will still have authentication. > > so ssh for example, will still prevent illegal access, if > Nope. Someone ssh'ing into your system still > cannot guess someone elses password. They can log in > into their own account though, and abuse other > users accounts or the machine configuration because > there is no protection. Unprotected accounts only means > you get your own account _by default_, you have the > power to trash all the others. A malicious user could > even change the other users passwords and re-enable the > security system so they loose. i didn't disable password! if someone got into a personal machine through ssh by guessing, most likely that account is the owner's. who else? > > > you had an exploit you're screwed up anyway. > Many exploits are limited. Cracking a damenon running > as "nobody" or some daemon user may not be all that > satisfying - you might be unable to take over the machine. > An exploit doesn't necessarily give root access. that line was still about ssh. besides, if someone would run a server for the world, then he must had drain bamage. > You get a lot of opinions. Don't mistake them for flames > just because they disagree with everything you say. you haven't seen my inbox. > Multi-user security is useful for much more than server use. > A good "personal" setup includes at least 3 users: > * root - for administration > * the user - for running the programs the user himself use. > I.e. the word processor on a notebook, the user inteface > on a linux phone, and so on. > * a nobody user, for safer daemons. If any kind of daemon > is used at all. Surprisingly many appliances might > run a daemon - a snmp daemon, or a webserver serving > the same purpose (So your can check your home > appliance from work perhaps) but think about the idea of multi-user. it means protection for the system and other
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: > so when everybody suggested playing with login, getty, etc. > i know you have got the wrong idea. if i wanted to play > on user space, i'd rather use capset() to set all users > capability to "all cap". that's the perfect equivalent. > The linux kernel ought to be flexible, so most people can use it as-is. It can be used as-is for your purpose, and it have been shown that this offer more security _without_ inconvenience. Your patch however removes multi-user security for the many who needs it - that's why it never will get accepted. Feel free to run your own patched kernels - but your patch will never make it here. > so the user space solution (capset()) works, but then came > the idea to optimize away. that's what blow everybody up. > don't get me wrong, i always agree with rik farrow when he > wrote in ;login: that we should build software with security > in mind. > If you really want optimization, remove all security instead of merely killing a few basic tests. > but i also hate bloat. lets not go to arm devices, how about > a notebook. it's a personal thing, naturally to people who > doesn't know about computer, personal doesn't go with multi > user. by that i mean user with different capabilities, not > different persons. The notebook user might not care or understand about multi-user security, but it is still useful. The user have several daemons running that he don't know about, they were installed by the distribution. The security system can protect files from buggy or cracked daemons. And protecting the configuration (and essential stuff like the user's GUI) from being deleted by user accident is still a good thing. The user who don't need password security can still have a "safe" SUID admin program for necessary tasks like changing the dialup phone number even though it resides in a protected file. So you definitely want the protection system, even in a "personal" appliance running linux. Because it protects against stupid mistakes like experimenting with editing files in the /etc directory on the notebook with a word processor. Users don't understand why saving in word processor format might be bad A notebook is a particularly bad example. Those with notebooks might not want to use passwords all the time, but it is very convenient if you have to leave a notebook with sensitive data with someone you don't trust. Business secrets or something as simple as a diary. This kind of users can be logged in all the time, mostly avoiding passwords. And log out in those few cases they need to leave the machine in unsafe places. > > i haven't catch up with all my mails, but my response to > some: > - linux is stable not only because security. Sure, but security definitely adds to its stability. Instead of nuking it all, just remove what bothers you. The security system has plenty to offer even when you skip the password part. > - linux was designed for multi-user, dos f.eks. is designed > for personal use, so does epoc, palmos, mac, etc. > - i even use plan9 with kfs restrictions disabled sometimes, > cause i don't have cpu server, auth server, etc. > - with that patch, people will still have authentication. > so ssh for example, will still prevent illegal access, if Nope. Someone ssh'ing into your system still cannot guess someone elses password. They can log in into their own account though, and abuse other users accounts or the machine configuration because there is no protection. Unprotected accounts only means you get your own account _by default_, you have the power to trash all the others. A malicious user could even change the other users passwords and re-enable the security system so they loose. > you had an exploit you're screwed up anyway. Many exploits are limited. Cracking a damenon running as "nobody" or some daemon user may not be all that satisfying - you might be unable to take over the machine. An exploit doesn't necessarily give root access. > so i guess i deserve opinions instead of flames. the You get a lot of opinions. Don't mistake them for flames just because they disagree with everything you say. > approach is from personal use, not the usual server use. > if you think a server setup is best for all use just say so, > i'm listening. Multi-user security is useful for much more than server use. A good "personal" setup includes at least 3 users: * root - for administration * the user - for running the programs the user himself use. I.e. the word processor on a notebook, the user inteface on a linux phone, and so on. * a nobody user, for safer daemons. If any kind of daemon is used at all. Surprisingly many appliances might run a daemon - a snmp daemon, or a webserver serving the same purpose (So your can check your home appliance from work perhaps) Of course passwords can be skipped - maybe you don't worry about guests messing up your phone settings. Still, a buggy phone program shouldn't mess
Re: [PATCH] Single user linux
On Thursday, April 26, 2001, at 07:03 AM, [EMAIL PROTECTED] wrote: he owns the computer, he may do anything he wants. This sentence really stood out for me, and implies a profound lack of understanding of multi-user machines. No offense intended. I've been a Unix admin for over ten years, and I like to think that I know my way around pretty well. But I do not and will NEVER log in to a machine as root to do work. I am the only user of my MacOS X laptop and home Linux boxes, and I still have my own personal login on all of them. What's at issue is not ownership or trust, but one of accountability and safety. Any OS worth its weight in silicon will make a distinction between blessed and unblessed users. It can be phrased in different ways -- root vs. non-root, admin vs. non-admin. But no one should EVER log in to a machine as root. Period. (1) Multi-user/modern operating systems exist precisely to destroy the fatal flaw that you are attempting to reintroduce. Users should have reduced privileges during normal use, and conditional privilege on demand. Safe from User Error and no less functional on GUI-based systems. People keep saying this, but I'll say it again. This can easily be done in user-space. This HAS been done. Many times. Well. It's possible to put a user in privileged mode automatically, but I'm not convinced that an extra prompt to go into privileged mode is a bad thing from a usability standpoint. So it doesn't need to be in the kernel. And why put it there if it doesn't need to be? Even if it's off by default, it's bloat. And dangerous, conceptually flawed bloat that can't be disabled with 'chkconfig' or 'rpm -e'. And how many people will use it? And should the kernel group allow them to from an out-of-box kernel? As I understand it, part of the responsibility of the maintainers is to maintain a conceptually focused kernel. There's nothing preventing you from distributing your patch, but inserting this into the kernel seems unacceptable IMVHO. I think we understand the why of your patch, but I think you need to elucidate further on how the ends justify the means. Sorry to kick a dead horse, -- Ken. [EMAIL PROTECTED] (1) Except for gnarly testbed/admin machines, etc. etc. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
At 09:03 PM 4/26/01 +0700, you wrote: right now it's the kernel who thinks that root is special, and applications work around that because there's a division of super-user and plain user. is that a must? Short answer: Yes. Long answer: The division is artificial, but is absolutely necessary for administration of a Unix-type system. For example, when the process currently running is not running as a superuser process, the process cannot run resources down to absolute zero -- think disk allocation. This means that the administrator (who may be the same person as the user) has a chance of being able to recover from a runaway process gracefully by being able to go in and kill that process before the whole system lays down and dies. Ever watch what happens when Windows runs out of swap space because the swap file can't get any space? Ever try to recover from it? Make damn sure you have the non-upgrade CD around when you try this. Even more important, make sure you have multiple back-ups when you try this. The whole point of user and superuser is that when the user does something stupid or careless or even malicious, the superuser can bail the system out. You don't usually work in superuser mode, and programs that don't need superuser access don't get it. Humans make mistakes a number of orders of magnitude more often than computers do. The barrier helps minimize the damage. Satch - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thursday, April 26, 2001, at 07:03 AM, [EMAIL PROTECTED] wrote: he owns the computer, he may do anything he wants. snip Any OS worth its weight in silicon will make a distinction between blessed and unblessed users. It can be phrased in different ways -- root vs. non-root, admin vs. non-admin. But no one should EVER log in to a machine as root. Period. (1) Also, there is another reason. If you'r logged in as root, then any exploitable bug in large programs, be it netscape, realplayer, wine, vmware, ... means that the cracker owns your machine. If they are not, then the cracker has to go through another significant hoop, in order to get access to the machine. For optimal security, you can do things like running netscape and other apps under unpriveledged users, where they only have access to their own files. (Note, netscape/.. are just used as examples, I'm not saying they are more buggy than others, just large, and hard to get bug-free) - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: so when everybody suggested playing with login, getty, etc. i know you have got the wrong idea. if i wanted to play on user space, i'd rather use capset() to set all users capability to all cap. that's the perfect equivalent. The linux kernel ought to be flexible, so most people can use it as-is. It can be used as-is for your purpose, and it have been shown that this offer more security _without_ inconvenience. Your patch however removes multi-user security for the many who needs it - that's why it never will get accepted. Feel free to run your own patched kernels - but your patch will never make it here. so the user space solution (capset()) works, but then came the idea to optimize away. that's what blow everybody up. don't get me wrong, i always agree with rik farrow when he wrote in ;login: that we should build software with security in mind. If you really want optimization, remove all security instead of merely killing a few basic tests. but i also hate bloat. lets not go to arm devices, how about a notebook. it's a personal thing, naturally to people who doesn't know about computer, personal doesn't go with multi user. by that i mean user with different capabilities, not different persons. The notebook user might not care or understand about multi-user security, but it is still useful. The user have several daemons running that he don't know about, they were installed by the distribution. The security system can protect files from buggy or cracked daemons. And protecting the configuration (and essential stuff like the user's GUI) from being deleted by user accident is still a good thing. The user who don't need password security can still have a safe SUID admin program for necessary tasks like changing the dialup phone number even though it resides in a protected file. So you definitely want the protection system, even in a personal appliance running linux. Because it protects against stupid mistakes like experimenting with editing files in the /etc directory on the notebook with a word processor. Users don't understand why saving in word processor format might be bad A notebook is a particularly bad example. Those with notebooks might not want to use passwords all the time, but it is very convenient if you have to leave a notebook with sensitive data with someone you don't trust. Business secrets or something as simple as a diary. This kind of users can be logged in all the time, mostly avoiding passwords. And log out in those few cases they need to leave the machine in unsafe places. i haven't catch up with all my mails, but my response to some: - linux is stable not only because security. Sure, but security definitely adds to its stability. Instead of nuking it all, just remove what bothers you. The security system has plenty to offer even when you skip the password part. - linux was designed for multi-user, dos f.eks. is designed for personal use, so does epoc, palmos, mac, etc. - i even use plan9 with kfs restrictions disabled sometimes, cause i don't have cpu server, auth server, etc. - with that patch, people will still have authentication. so ssh for example, will still prevent illegal access, if Nope. Someone ssh'ing into your system still cannot guess someone elses password. They can log in into their own account though, and abuse other users accounts or the machine configuration because there is no protection. Unprotected accounts only means you get your own account _by default_, you have the power to trash all the others. A malicious user could even change the other users passwords and re-enable the security system so they loose. you had an exploit you're screwed up anyway. Many exploits are limited. Cracking a damenon running as nobody or some daemon user may not be all that satisfying - you might be unable to take over the machine. An exploit doesn't necessarily give root access. so i guess i deserve opinions instead of flames. the You get a lot of opinions. Don't mistake them for flames just because they disagree with everything you say. approach is from personal use, not the usual server use. if you think a server setup is best for all use just say so, i'm listening. Multi-user security is useful for much more than server use. A good personal setup includes at least 3 users: * root - for administration * the user - for running the programs the user himself use. I.e. the word processor on a notebook, the user inteface on a linux phone, and so on. * a nobody user, for safer daemons. If any kind of daemon is used at all. Surprisingly many appliances might run a daemon - a snmp daemon, or a webserver serving the same purpose (So your can check your home appliance from work perhaps) Of course passwords can be skipped - maybe you don't worry about guests messing up your phone settings. Still, a buggy phone program shouldn't mess up other things. You don't want the
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, Helge Hafting wrote: The linux kernel ought to be flexible, so most people can use it as-is. It can be used as-is for your purpose, and it have been shown that this offer more security _without_ inconvenience. Your patch however removes multi-user security for the many who needs it - that's why it never will get accepted. Feel free to run your own patched kernels - but your patch will never make it here. i don't understand, that patch is configurable with 'n' as default, marked dangerous. so somebody who turned on that option must be know what he's doing, doesn't understand english, or has a broken monitor. If you really want optimization, remove all security instead of merely killing a few basic tests. those tests responsible for almost all EACCESS EPERM. The notebook user might not care or understand about multi-user security, but it is still useful. The user have several daemons running that he don't know about, they were installed by the distribution. The security system can protect files from buggy or cracked daemons. must be a devil cursed distro, distributing single-user kernel with live daemons. a division of redmon? And protecting the configuration (and essential stuff like the user's GUI) from being deleted by user accident is still a good thing. The user who don't need password security can still have a safe SUID admin program for necessary tasks like changing the dialup phone number even though it resides in a protected file. So you definitely want the protection system, even in a personal appliance running linux. Because it protects against stupid mistakes like experimenting with editing files in the /etc directory on the notebook with a word processor. Users don't understand why saving in word processor format might be bad hmm, the other thing i hate is policy. ever consider that you're talking policy? maybe reboot() should sync() first? A notebook is a particularly bad example. Those with notebooks might not want to use passwords all the time, but it is very convenient if you have to leave a notebook with sensitive data with someone you don't trust. Business secrets or something as simple as a diary. This kind of users can be logged in all the time, mostly avoiding passwords. And log out in those few cases they need to leave the machine in unsafe places. and that someone who had the notebook can't access sensitive data without a passwd? that's what i'm trying to say. if you carried your server, and leave it in unsafe places, why would anybody try to crack it? just get the harddisks put it in another computer, voila. so much for security. - linux is stable not only because security. Sure, but security definitely adds to its stability. i don't know what you mean by stability. if you meant linux can run a year without a reboot, what security has anything to do with stability? the kernel is stable, yes, do we here linux server got cracked yes, it's still stable though. - with that patch, people will still have authentication. so ssh for example, will still prevent illegal access, if Nope. Someone ssh'ing into your system still cannot guess someone elses password. They can log in into their own account though, and abuse other users accounts or the machine configuration because there is no protection. Unprotected accounts only means you get your own account _by default_, you have the power to trash all the others. A malicious user could even change the other users passwords and re-enable the security system so they loose. i didn't disable password! if someone got into a personal machine through ssh by guessing, most likely that account is the owner's. who else? you had an exploit you're screwed up anyway. Many exploits are limited. Cracking a damenon running as nobody or some daemon user may not be all that satisfying - you might be unable to take over the machine. An exploit doesn't necessarily give root access. that line was still about ssh. besides, if someone would run a server for the world, then he must had drain bamage. You get a lot of opinions. Don't mistake them for flames just because they disagree with everything you say. you haven't seen my inbox. Multi-user security is useful for much more than server use. A good personal setup includes at least 3 users: * root - for administration * the user - for running the programs the user himself use. I.e. the word processor on a notebook, the user inteface on a linux phone, and so on. * a nobody user, for safer daemons. If any kind of daemon is used at all. Surprisingly many appliances might run a daemon - a snmp daemon, or a webserver serving the same purpose (So your can check your home appliance from work perhaps) but think about the idea of multi-user. it means protection for the system and other users. that's a typical server needs. and how about notebook? i can see that it need
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001, John Cavan wrote: Several distributions (Red Hat and Mandrake certainly) offer auto-login tools. In conjunction with those tools, take the approach that Apple used with OS X and setup sudo for administrative tasks on the machine. This allows the end user to generally administer the machine without all the need to hack the kernel, modify login, operate as root, etc. You can even restrict their actions with it and log what they do. In the end though, I really don't see the big deal with having a root user for general home use. Even traditionally stand-alone operating you're right, we could do it in more than one way. like copying with mcopy without mounting a fat disk. the question is where to put it. why we do it is an important thing. taking place as a clueless user, i think i should be able to do anything. i'd be happy to accept proof that multi-user is a solution for clueless user, not because it's proven on servers. but because it is a solution by definition. imel - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, Apr 26, 2001 at 07:11:24PM +0700, [EMAIL PROTECTED] wrote: On Wed, 25 Apr 2001, John Cavan wrote: Several distributions (Red Hat and Mandrake certainly) offer auto-login tools. In conjunction with those tools, take the approach that Apple used with OS X and setup sudo for administrative tasks on the machine. This allows the end user to generally administer the machine without all the need to hack the kernel, modify login, operate as root, etc. You can even restrict their actions with it and log what they do. In the end though, I really don't see the big deal with having a root user for general home use. Even traditionally stand-alone operating you're right, we could do it in more than one way. like copying with mcopy without mounting a fat disk. the question is where to put it. why we do it is an important thing. taking place as a clueless user, i think i should be able to do anything. i'd be happy to accept proof that multi-user is a solution for clueless user, not because it's proven on servers. but because it is a solution by definition. Look, all of this is VERY simple. There is only one single person you have to convince to get this into the kernel. And you DO have to convince him, because no matter how many others you try to force this upon, nothing gets into the kernel without the consent of the almighty penguin. So do us all a favour, send this patch to Linus. I'd give you a 1/10 chance of getting a reply at all, and a 1/100 that the answer won't be along the terms of No way in hell, never! (possibly worded a bit different.) If you don't get any response in say a week or so, just give up. /David Weinehall _ _ // David Weinehall [EMAIL PROTECTED] / Northern lights wander \\ // Project MCA Linux hacker// Dance across the winter sky // \ http://www.acc.umu.se/~tao// Full colour fire / - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: i'd be happy to accept proof that multi-user is a solution for clueless user, not because it's proven on servers. but because it is a solution by definition. Clueless user deletes files critical to running the system. '!@#$% Why can't I boot. Oh my gosh!! Linux sucks!' -- = Mohammad A. Haque http://www.haque.net/ [EMAIL PROTECTED] Alcohol and calculus don't mix. Project Lead Don't drink and derive. --Unknown http://wm.themes.org/ [EMAIL PROTECTED] = - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
taking place as a clueless user, i think i should be able to do anything. Yeah, I thought so when I started using Linux. I stopped thinking so, when I accidentally blew up the FS on my datadrive and lost nearly _everything_ I had written for 2 years... i'd be happy to accept proof that multi-user is a solution for clueless user, not because it's proven on servers. but because it is a solution by definition. Let's turn the question the other way. It's you trying to convince us, that everyone needs root access. What does a clueless user need root access for? Programming - no. Writing documents - no. Surfing the web - no. Reading email - no. Installing kernels - yes (but a clueless user won't do this). Running viruses, that blow up the entire system - yes. Installing software - yes. But how often do you do that? And is the 'su' really so hard to remember? If you really want to have different uids, why not hack xdm/login to autologin. And when it autologins to a specific user, why do you want different id's? And if you really want everybody to have access to all files, you can just do a 'chmod 777 /'. Perhaps set it up as a cronjob to run daily? Besides you write, that a distro shipping single-user is evil. So you want the clueless user to recompile his own kernel to enable single-user mode (why do at all call it 'single-user' when you still have different ID's?)... The clueless user probably does not even know what the kernel is - and then have to recompile it... Rasmus -- -- [ Rasmus 'Møffe' Bøg Hansen ] -- if (getenv(EDITOR) == vim) {karma++}; - [ moffe at amagerkollegiet dot dk ] - - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On 2001.04.26 13:31:54 +0200 [EMAIL PROTECTED] wrote: On Thu, 26 Apr 2001, Helge Hafting wrote: The linux kernel ought to be flexible, so most people can use it as-is. It can be used as-is for your purpose, and it have been shown that this offer more security _without_ inconvenience. Your patch however removes multi-user security for the many who needs it - that's why it never will get accepted. Feel free to run your own patched kernels - but your patch will never make it here. i don't understand, that patch is configurable with 'n' as default, marked dangerous. so somebody who turned on that option must be know what he's doing, doesn't understand english, or has a broken monitor. I can make a virus, patch the kernel and send it in, with a 'N' by default. But what is the use of this? Do you think this will be implemented??? Your thing is as dangerous as a virus, basically. It gives root to everyone, although they have separate UIDs. And whenever there is a way out (i.e. surfing the web, reading mail), there is a way in. So that would make your system a very nice target to hack - since you basically are root this means they can change anything as soon as they have access. If you're not root, they can't, since they can only do what you as a user can do. The whole goal of your patch is to make computer life easier. This patch doesn't do that - it goes far worse. We gave you a few suggestions on better/easier ways to accomplish this goal - take them as advice and use them instead. Easy: chmod -R 777 / (same risk, though) Good: use su for installing software (su -c make install) Can't get much easier than that (and if a clueless user needs to do this, let him use redhat's RPM manager, enter your password with a nice X-window, and press that button install - same effect)... You don't need to patch the kernel for this... -- Ronald Bultje - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, [iso-8859-1] Rasmus Bøg Hansen wrote: i'd be happy to accept proof that multi-user is a solution for clueless user, not because it's proven on servers. but because it is a solution by definition. Let's turn the question the other way. It's you trying to convince us, that everyone needs root access. What does a clueless user need root access for? what work around what? right now it's the kernel who thinks that root is special, and applications work around that because there's a division of super-user and plain user. is that a must? it's trivial to say that in multi-user system, one user shall not mess with other user. in multi-process, a process shall not mess with other process. but when it comes to a computer which only has one user, why would it stop a user. because the kernel thinks it isn't right? if he felt like killing random process, which is owned by other than the user, is it a wrong thing to do? he owns the computer, he may do anything he wants. and i'm not even trying to convince anyone. communicating is closer. And if you really want everybody to have access to all files, you can just do a 'chmod 777 /'. Perhaps set it up as a cronjob to run daily? Besides you write, that a distro shipping single-user is evil. So you want the clueless user to recompile his own kernel to enable single-user iff that distro starts up daemons. mode (why do at all call it 'single-user' when you still have different i wrote somewhere that it was my mistake to call it single-user when i mean all user has the same root cap, and reduce user (account) to profile. imel - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, Ian Stirling wrote: Also, there is another reason. If you'r logged in as root, then any exploitable bug in large programs, be it netscape, realplayer, wine, vmware, ... means that the cracker owns your machine. If they are not, then the cracker has to go through another significant hoop, in order to get access to the machine. For optimal security, you can do things like running netscape and other apps under unpriveledged users, where they only have access to their own files. (Note, netscape/.. are just used as examples, I'm not saying they are more buggy than others, just large, and hard to get bug-free) Heh. You receive all your email on your root account? -- = Mohammad A. Haque http://www.haque.net/ [EMAIL PROTECTED] Alcohol and calculus don't mix. Project Lead Don't drink and derive. --Unknown http://wm.themes.org/ [EMAIL PROTECTED] = - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001 [EMAIL PROTECTED] wrote: On Thu, 26 Apr 2001, [iso-8859-1] Rasmus Bøg Hansen wrote: i'd be happy to accept proof that multi-user is a solution for clueless user, not because it's proven on servers. but because it is a solution by definition. Let's turn the question the other way. It's you trying to convince us, that everyone needs root access. What does a clueless user need root access for? what work around what? right now it's the kernel who thinks that root is special, and applications work around that because there's a division of super-user and plain user. is that a must? Basically yes. But if you do not want _any_ security - you can drop it. I started using Linux (and unix in general) in '96 (thanks Linus). And now - feelin like an experienced linux (unix) user I feel more like ever, I do _not_ want to be root You do not understand the unix security aspects. You do not want unix security and do not want unix. Then stop using it. People from redmond allow you to trash your system without any special effort. Stop bugging us. Have you noticed you never got response from Linus? He is probably still laughing (or feeling pissed off) - Stop trashing his (good) work, I know he is not the only one (I thank every Linux developer)... Did you ever realize, that the unix security model hasn't changed radically for 30 years? Beacause what? It is (opposite your patch) mostly good. it's trivial to say that in multi-user system, one user shall not mess with other user. in multi-process, a process shall not mess with other process. Ok. If you want to fuck up other people's processes, do it. Kill init and get strange panics. If you want to crash other people's work, do it. But begone from _my_ box Go to a bar and get drunk (as you do not seem to have anything better to use your time for),. but when it comes to a computer which only has one user, why would it stop a user. because the kernel thinks it isn't right? if he felt like killing random process, which is owned by other than the user, is it a wrong thing to do? he owns the computer, he may do anything he wants. Yeah. If he wants to do that he logs in as root. 'killall -1'? 'dd if=/dev/zero of=/dev/kcore'. Yeah, crash your computer if you want. But the 'clueless user does not want to'! and i'm not even trying to convince anyone. communicating is closer. Who are you not trying to convince? You propose a patch - you try to convince us to drop the unix secuity model... And if you really want everybody to have access to all files, you can just do a 'chmod 777 /'. Perhaps set it up as a cronjob to run daily? Besides you write, that a distro shipping single-user is evil. So you want the clueless user to recompile his own kernel to enable single-user iff that distro starts up daemons. Or the user starts up daemons. He has root privileges after all. mode (why do at all call it 'single-user' when you still have different i wrote somewhere that it was my mistake to call it single-user when i mean all user has the same root cap, and reduce user (account) to profile. Ok. My mistake. You want to use 'user profiles' but not use the advantages... You don't have to. You can use Windows if you want to. You can just use root. As long as you do not hack /sbin/login or xdm, you will still have to type login/password - no win, no gain. If it wasn't for the nips, being so good at bulding ships the yards would still be open in the clyde get out to a war and get shot! Rasmus -- -- [ Rasmus 'Møffe' Bøg Hansen ] -- I don't suffer from insanity, i enjoy every minute of it! - [ moffe at amagerkollegiet dot dk ] - - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Thu, 26 Apr 2001, Ian Stirling wrote: Also, there is another reason. If you'r logged in as root, then any exploitable bug in large programs, be it netscape, realplayer, wine, vmware, ... means that the cracker owns your machine. snip Heh. You receive all your email on your root account? Nope. For historical reasons (I gave out this address before I started using linux) and mail to root here does not actually go to root. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001 [EMAIL PROTECTED] wrote: > so i guess i deserve opinions instead of flames. the > approach is from personal use, not the usual server use. > if you think a server setup is best for all use just say so, > i'm listening. Several distributions (Red Hat and Mandrake certainly) offer auto-login tools. In conjunction with those tools, take the approach that Apple used with OS X and setup "sudo" for administrative tasks on the machine. This allows the end user to generally administer the machine without all the need to hack the kernel, modify login, operate as root, etc. You can even restrict their actions with it and log what they do. In the end though, I really don't see the big deal with having a root user for general home use. Even traditionally stand-alone operating systems have gone to this model (Mac OS X) or are heading that way fast (Windows XP). There are always ways to configure permissions, and even in a stand-alone environment it's always better to protect against accidental deletion of system critical files. In other words, the benefits vastly outweigh the minor inconvenience. John - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
- Received message begins Here - > > On Wed, 25 Apr 2001, Rick Hohensee wrote: > > > [EMAIL PROTECTED] wrote: > > > for those who didn't read that patch, i #define capable(), > > > suser(), and fsuser() to 1. the implication is all users > > > will have root capabilities. > > > > How is that not single user? > > Every user still has it's own account, means profile etc. Until some user removes all the other users Or reads the other users mail Or changes the other users configuration - Jesse I Pollard, II Email: [EMAIL PROTECTED] Any opinions expressed are solely my own. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001, Rick Hohensee wrote: > [EMAIL PROTECTED] wrote: > > for those who didn't read that patch, i #define capable(), > > suser(), and fsuser() to 1. the implication is all users > > will have root capabilities. > > How is that not single user? Every user still has it's own account, means profile etc. Gruß, Markus -- | Gluecklich ist, wer vergisst, was nicht aus ihm geworden ist. +---. ,> http://www.uni-ulm.de/~s_mschab/ \ / mailto:[EMAIL PROTECTED] \_/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: > for those who didn't read that patch, i #define capable(), > suser(), and fsuser() to 1. the implication is all users > will have root capabilities. How is that not single user? I have been doing single-user oriented Linux/GNU/unix longer than anyone I'm aware of with exactly that focus. The one trivial patch I do to the kernel disgusts the core Linux developers for reasons unrelated to single user. cLIeNUX boots with 12 vt's logging in already as root. No kernel molestation. (But stay tuned ;o) Rather than me contributing further to the topic-skew, please have a browse at www.clienux.com Rick Hohensee cLIeNUX user 0 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: problem found (was Re: [PATCH] Single user linux)
hi imel, On Tue, 24 Apr 2001 [EMAIL PROTECTED] wrote: > problem is you guys are to unix-centric, try to be user-centric a little. with all respect: the problem is that you do not listen. as people keep trying to point out to you: - you can have your single-user centric user environment (no logon) while - retaining advantages of multi-user security no kernel changes needed. ie: you can have your phone's user environment come straight up (without needing a login or anything) and have security so that the phone user can't do harmful things like delete system files. you can have the best of all worlds... > imel --paulj - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
So, are you saying, right now in front of the whole community, that you only use Linux because you can develop on it? That if it wasn't for GCC you would be playing Minesweeper right now? I know thats not what you are saying, but thats how you come across. We always tell everybody who would listen that Linux can hold its own as an operating system. Not just because the code is open, and not just for the development environment. Linux can hold its own because it is *good*. Not perfect (there is no perfect operating system), but when you put it against its peers, it rises to the top (along with its other unix cousins). So why wouldn't linux be ideal for an embedded situation. Why wouldn't an open MP3 player be a better option that Media Player? We can't we use the security, stability and power of Linux for a a suite of PIMs and Doom?I Be proud of your operating system - you have 32 bits of multitasking power and stability, and you can fit it into 512K. Lets see Redmond try that! Jordan On Tuesday 24 April 2001 18:32, Daniel Stone mentioned: > On Tue, Apr 24, 2001 at 05:20:27PM -0700, Aaron Lehmann wrote: > > On Wed, Apr 25, 2001 at 10:07:48AM +1000, Daniel Stone wrote: > > > What real value does it have, apart from the geek "look at me, I'm > > > using bash" value? > > > > I don't really want to get into it at the moment, but imagine hacking > > netfilter without lugging a laptop around. PDA's are sleek and cool, > > and using UNIX on them lets you write shell scripts to sort your > > addresses and stuff like that. Basically it's everything that's cool > > about Unix as a workstation OS scaled down to PDA-size. > > True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a > tab! not space! you just broke my makefiles! aargh!), and compiling > Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. > Hrmz. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001, Ronald Bultje did have cause to say: > Who says it needs to compile? Who says it needs software installed? Who > says it needs to run the software itself? My current project (and I'm just waiting for nfs and wvlan_cs to stabalize on ARM before putting the final touches on it) is an ipaq nfsrooted to a Debian image, over the wireless lan. Works like a champ, and it -does- compile stuff reasonably fast (well, reasonably fast considering the data is all on the far side of 11M/sec wireless.) My kit is mostly portable as well, since the nfs server is on the libretto and runs just fine in my backpack ;) The next step is bludgeoning debian-arm into not running 50-100 little servers I don't need on my PIM. But that may be the function of a task-nfs-ipaq package or some such. So far -multiuser- linux on PIMs ("true" linux, with X, etc, as distinct from pocketlinux/qpe/etc, which are a different animal in this case) is almost there. Web browsers are coming along nicely (and remote-X netscape is usable, although barely) and there are several nice imap clients. (and input methods ranging from a handwriting system to a little onscreen keyboard, if you are in a situation where an external keyboard is not feasable.) --- -BEGIN GEEK CODE BLOCK- Version: 3.1 [www.ebb.org/ungeek] GIT/CC/CM/AT d--(-)@ s+:-- a-->? C$ ULBS*$ P- L+++>+ E--- W+++ N+@ o+>$ K? w--->+ O- M V-- PS+() PE Y+@ PGP++() t 5--- X-- R tv+@ b>$ DI D++(+++) G++ e* h(-)* r++ y++ --END GEEK CODE BLOCK-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: > for those who didn't read that patch, i #define capable(), > suser(), and fsuser() to 1. the implication is all users > will have root capabilities. And this is better than just having the system auto-login as root because..? > > then i tried to bring up the single user thing to hear > opinions (not flames). and by that, i actually didn't mean > to have users share the same uid/gid 0. i know somebody > will need to differentiate user. > > so when everybody suggested playing with login, getty, etc. > i know you have got the wrong idea. if i wanted to play > on user space, i'd rather use capset() to set all users > capability to "all cap". that's the perfect equivalent. > > so the user space solution (capset()) works, but then came > the idea to optimize away. that's what blow everybody up. > don't get me wrong, i always agree with rik farrow when he > wrote in ;login: that we should build software with security > in mind. > > but i also hate bloat. lets not go to arm devices, how about > a notebook. it's a personal thing, naturally to people who > doesn't know about computer, personal doesn't go with multi > user. by that i mean user with different capabilities, not > different persons. > So don't install any services. The security in the kernel is not even bloat compared to some of the cruft that you can just not install. > - with that patch, people will still have authentication. > so ssh for example, will still prevent illegal access, if > you had an exploit you're screwed up anyway. > sure httpd will give permission to everybody to browse > a computer, but i don't think a notebook need to run it. See above. > > so i guess i deserve opinions instead of flames. the > approach is from personal use, not the usual server use. > if you think a server setup is best for all use just say so, > i'm listening. I have Linux on my PowerBook. I don't have sendmail, httpd, mysql, and a billion other 'server' processes running. Does that still make it a server? We're not flaming (well some of us anyways). Just pointing out (loudly) where your thinking is flawed. > nah, performance was never my consideration. i do save about > 3kb from my zImage, but i'm not interested. But you just said you hate bloat. What other reason do you have for hating bloat? -- = Mohammad A. Haque http://www.haque.net/ [EMAIL PROTECTED] "Alcohol and calculus don't mix. Project Lead Don't drink and derive." --Unknown http://wm.themes.org/ [EMAIL PROTECTED] = - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001 [EMAIL PROTECTED] wrote: [snip] > so i guess i deserve opinions instead of flames. the > approach is from personal use, not the usual server use. > if you think a server setup is best for all use just say so, > i'm listening. > Heres one.. most of the time I spend cleaning up windows machines is not because of software problems. Usually it's the user acidentally erasing something or installing some program that just modified the boot files by accident. Protection makes the system easier not harder. You can add SUID aplications to preform administrative tasks such as upgrading / config and be sure that the user won't accidentally erase the system. I've had users absolutely paranoid of breaking something on my systems it's very reasuring for me to be able to point at the power switch and say "see that? don't touch it and the sustem will be fine" Gerhard -- Gerhard Mack [EMAIL PROTECTED] <>< As a computer I find your faith in technology amusing. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Hello [EMAIL PROTECTED], Once you wrote about "Re: [PATCH] Single user linux": > first, i think i owe you guys apology for didn't make myself > clear, which is going harder if you irritated. > even my subject went wrong, as the patch isn't really about > single user (which confuse some people). > > for those who didn't read that patch, i #define capable(), > suser(), and fsuser() to 1. the implication is all users > will have root capabilities. > > then i tried to bring up the single user thing to hear > opinions (not flames). and by that, i actually didn't mean > to have users share the same uid/gid 0. i know somebody > will need to differentiate user. > > so when everybody suggested playing with login, getty, etc. > i know you have got the wrong idea. if i wanted to play > on user space, i'd rather use capset() to set all users > capability to "all cap". that's the perfect equivalent. > > so the user space solution (capset()) works, but then came > the idea to optimize away. that's what blow everybody up. > don't get me wrong, i always agree with rik farrow when he > wrote in ;login: that we should build software with security > in mind. > > but i also hate bloat. lets not go to arm devices, how about > a notebook. it's a personal thing, naturally to people who > doesn't know about computer, personal doesn't go with multi > user. by that i mean user with different capabilities, not > different persons. > > i haven't catch up with all my mails, but my response to > some: > - linux is stable not only because security. > - linux was designed for multi-user, dos f.eks. is designed > for personal use, so does epoc, palmos, mac, etc. > - i even use plan9 with kfs restrictions disabled sometimes, > cause i don't have cpu server, auth server, etc. > - with that patch, people will still have authentication. > so ssh for example, will still prevent illegal access, if > you had an exploit you're screwed up anyway. > sure httpd will give permission to everybody to browse > a computer, but i don't think a notebook need to run it. > > so i guess i deserve opinions instead of flames. the > approach is from personal use, not the usual server use. > if you think a server setup is best for all use just say so, > i'm listening. Then, is there any advantage over booting linux with "single" option? LILO: linux single -- Best regards, Leonid Mamtchenkov System Administrator - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
first, i think i owe you guys apology for didn't make myself clear, which is going harder if you irritated. even my subject went wrong, as the patch isn't really about single user (which confuse some people). for those who didn't read that patch, i #define capable(), suser(), and fsuser() to 1. the implication is all users will have root capabilities. then i tried to bring up the single user thing to hear opinions (not flames). and by that, i actually didn't mean to have users share the same uid/gid 0. i know somebody will need to differentiate user. so when everybody suggested playing with login, getty, etc. i know you have got the wrong idea. if i wanted to play on user space, i'd rather use capset() to set all users capability to "all cap". that's the perfect equivalent. so the user space solution (capset()) works, but then came the idea to optimize away. that's what blow everybody up. don't get me wrong, i always agree with rik farrow when he wrote in ;login: that we should build software with security in mind. but i also hate bloat. lets not go to arm devices, how about a notebook. it's a personal thing, naturally to people who doesn't know about computer, personal doesn't go with multi user. by that i mean user with different capabilities, not different persons. i haven't catch up with all my mails, but my response to some: - linux is stable not only because security. - linux was designed for multi-user, dos f.eks. is designed for personal use, so does epoc, palmos, mac, etc. - i even use plan9 with kfs restrictions disabled sometimes, cause i don't have cpu server, auth server, etc. - with that patch, people will still have authentication. so ssh for example, will still prevent illegal access, if you had an exploit you're screwed up anyway. sure httpd will give permission to everybody to browse a computer, but i don't think a notebook need to run it. so i guess i deserve opinions instead of flames. the approach is from personal use, not the usual server use. if you think a server setup is best for all use just say so, i'm listening. > It would be far more interesting to rip out all trace of security. > That would include the kernel memory access checking, parts of the > task struct, filesystem and VFS code, and surely much more. i did say it clearly that i have other changes which i know won't be a clean patch (too many #ifdefs). f.eks. on my computer i didn't even compile user.c in, i don't have user_struct. filesystem and vfs code are affected by that patch already. memory access is important of course. > Then you can try to show a measurable performance difference. nah, performance was never my consideration. i do save about 3kb from my zImage, but i'm not interested. imel (writing from a webmail) This email was sent using http://webmail.cbn.net.id/ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] writes: > i didn't change all uid/gid to 0! > > why? so with that radical patch, users will still have > uid/gid so programs know the user's profile. So you: 1. broke security (OK, fine...) 2. didn't remove all the support for security It would be far more interesting to rip out all trace of security. That would include the kernel memory access checking, parts of the task struct, filesystem and VFS code, and surely much more. Then you can try to show a measurable performance difference. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: > thank you very much fyi. > if just you tried to understand it a little further: > i didn't change all uid/gid to 0! > > why? so with that radical patch, users will still have > uid/gid so programs know the user's profile. > > if everyone had 0/0 uid/gid, pine will open /var/spool/mail/root, > etc. So you want multi-user to distinguish users, but no login sequence with typing of passwords & username. You can have all that without changing the kernel! Linux distributions runs things like login and getty by default, but you don't have to do that. If you run linux on a device not perceived as a computer, consider this: 1. Run whatever daemons you need as root or under daemon usernames, depending on what privileges they need. 2. Run the user interface program (X or whatever) as a user, not root. No, they don't need a password for that. Just start it from inittab, with a wrapper program that su's to the appropriate user without asking for passwords. 3. If the user really need root for anything, such as changing device configuration, use a suid configuration program. No password needed with that approach. You probably want a configuration program anyway as your "dumb" users probably don't know how to edit files in /etc anyway. Making it suid is no extra work. Now you have both the security of linux and the ease of use of a password-less system. Part of linux stability comes from the fact that ordinary users cannot do anything. Crashing the machine is easy as root, but an appliance user don't need to be root for normal use. And the special cases which need it can be handled by suid programs that cannot do "anything", just the purpose they are written for. Linux is very configurable even without patching the kernel. A general rule is that no kernel patches is accepted for problems that are easily solvable with simple programs. Helge Hafting - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, Apr 25, 2001 at 08:45:25AM +0100, Alan Cox wrote: > > True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a > > tab! not space! you just broke my makefiles! aargh!), and compiling > > Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. > > Usual misguided assumptions > > 1.Many PDA's have a keyboard > 2.The ipaq has an optional fold up keyboard > 3.Modern PDA's have 200Mhz processors and XScale will see some of them > hitting 600MHz+ I stand corrected. Too broke to get one, but corrected nevertheless. (I've only seen the agenda in action, and it seemed a lot of time writing "date" for relatively little action - the date). -- Daniel Stone [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
> True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a > tab! not space! you just broke my makefiles! aargh!), and compiling > Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. Usual misguided assumptions 1. Many PDA's have a keyboard 2. The ipaq has an optional fold up keyboard 3. Modern PDA's have 200Mhz processors and XScale will see some of them hitting 600MHz+ - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On 2001.04.25 02:52:22 +0200 Gerhard Mack wrote: > On Wed, 25 Apr 2001, Daniel Stone wrote: > > > OK. "time make bzImage". Of course, mine's really slow (and I will > consider > > myself publically humiliated if my only Linux machine is beaten on a > kernel > > compile by an iPAQ). I 'spose, if it only goes into suspend, the > ability to > > write "uptime" on it constitutes a walking penis extension after a > while? > > When I first started I compiled my linux kernels on a 386 dx with 8 mb > ram > heh. I think a lot of the current PDAs are faster. Who says it needs to compile? Who says it needs software installed? Who says it needs to run the software itself? First of all, if linux will make it on a PDA, I'm sure there will be prepackaged stuff. But more important, a PDA doesn't need other software installed to have a function. It can function as a remote X-terminal connected to a big linux X-server somewhere else which runs the software. In that case, the speed of the PDA is no longer a problem and you have a cute little and simple fully-featured X-window system. It's just a bit small. Now if we get something like IBM's speach recognition system and it works a bit, or we make our own speach recognition system, this can serve very well for simple things like adding points to your agenda, writing e-mail. But for just reading your mail or your agenda, you don't need more than to press some buttons and read the screen. And for pressing the buttons you really don't need anything else than a touchscreen or some (1? 2?) buttons on the PDA... And for using linux as a command-line too on a PDA - we'll need something to make input easier, like Aaron Lehman suggested in another e-mail (keyboard, speach recognition). -- Ronald Bultje - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Tue, 24 Apr 2001, Jonathan Lundell wrote: >Date: Tue, 24 Apr 2001 17:26:29 -0700 >From: Jonathan Lundell <[EMAIL PROTECTED]> >To: Aaron Lehmann <[EMAIL PROTECTED]> >Cc: [EMAIL PROTECTED] >Content-Type: text/plain; charset="us-ascii" >Subject: Re: [PATCH] Single user linux > >At 5:01 PM -0700 2001-04-24, Aaron Lehmann wrote: >>On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote: >>> And UNIX on a phone is pure overkill. >> >>Quit being a naysayer. UNIX on a PDA is a wet dream. > >http://www.agendacomputing.com/ (not that the reviews have been very kind) Nor has an official product been released. Reviewing hardware and software in open development model before it is officially stamped "final release" is unfair to say the least. I follow the agenda list and it is a nice piece of hardware and the software is coming along quite nicely. I've heard mostly good stuff about it so far, although it is not a consumer level product yet - it is a developers product, for people ready to fire up emacs and start coding. -- Mike A. Harris - Linux advocate - Free Software advocate This message is copyright 2001, all rights reserved. Views expressed are my own, not necessarily shared by my employer. -- "If it isn't source, it isn't software." -- NASA - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Tue, 24 Apr 2001, Aaron Lehmann wrote: >Date: Tue, 24 Apr 2001 17:01:18 -0700 >From: Aaron Lehmann <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED], Daniel Stone <[EMAIL PROTECTED]>, > Alexander Viro <[EMAIL PROTECTED]>, [EMAIL PROTECTED] >Content-Type: text/plain; charset=us-ascii >Subject: Re: [PATCH] Single user linux > >On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote: >> And UNIX on a phone is pure overkill. > >Quit being a naysayer. UNIX on a PDA is a wet dream. No, actually, it is a reality: http://www.agendacomputing.com -- Mike A. Harris - Linux advocate - Free Software advocate This message is copyright 2001, all rights reserved. Views expressed are my own, not necessarily shared by my employer. -- "If it isn't source, it isn't software." -- NASA - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: > > >On Tue, 24 Apr 2001, Daniel Stone wrote: > >>Hence, Microsoft Windows. It might not be stable, it might not be fast, it >>might not do RAID, packet-filtering and SQL, but it does a job. A simple >>job. To give Mum & Dad(tm) (with apologies to maddog) a chance to use a >>computer. >> >> >>Since when, did mobile phones == computers? >> > >read the news! i'm programming nokia 9210 with c++, is that >computer enough? > If that is what this discussion is about, you may just be better off with a custom program to run instead of init. Have you ever booted with init=/bin/bash? Notice how it doesn't require a password . . . Use your own program here and you have no need of butchering the kernel. Be much easier to maintain as well. -b -- Three things are certain: Death, taxes, and lost data Guess which has occurred. - - - - - - - - - - - - - - - - - - - - Patched Micro$oft servers are secure today . . . but tomorrow is another story! - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [OFFTOPIC] Re: [PATCH] Single user linux
Tomas Telensky wrote: >But, what I should say to the network security, is that AFAIK in the most >of linux distributions the standard daemons (httpd, sendmail) are run as >root! Having multi-user system or not! Why? For only listening to a port ><1024? Is there any elegant solution? > Yes, most daemons have the ability to switch user ID once they have bound tho the port. Additionally, support is starting to show up for capabilities. I know that ProFTPD has support. Now, assuming it is running on a newer kernel, it never needs to be root, because it has been granted the capability to open a low port. Even if it is cracked, it cannot do other things like . . . insert a kernel module, . . . overwrite /etc/passwd . . . . . etc -b -- Three things are certain: Death, taxes, and lost data Guess which has occurred. - - - - - - - - - - - - - - - - - - - - Patched Micro$oft servers are secure today . . . but tomorrow is another story! - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Tue, 24 Apr 2001, Aaron Lehmann wrote: Date: Tue, 24 Apr 2001 17:01:18 -0700 From: Aaron Lehmann [EMAIL PROTECTED] To: [EMAIL PROTECTED], Daniel Stone [EMAIL PROTECTED], Alexander Viro [EMAIL PROTECTED], [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Subject: Re: [PATCH] Single user linux On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote: And UNIX on a phone is pure overkill. Quit being a naysayer. UNIX on a PDA is a wet dream. No, actually, it is a reality: http://www.agendacomputing.com -- Mike A. Harris - Linux advocate - Free Software advocate This message is copyright 2001, all rights reserved. Views expressed are my own, not necessarily shared by my employer. -- If it isn't source, it isn't software. -- NASA - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Tue, 24 Apr 2001, Jonathan Lundell wrote: Date: Tue, 24 Apr 2001 17:26:29 -0700 From: Jonathan Lundell [EMAIL PROTECTED] To: Aaron Lehmann [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii Subject: Re: [PATCH] Single user linux At 5:01 PM -0700 2001-04-24, Aaron Lehmann wrote: On Tue, Apr 24, 2001 at 11:38:01PM +1000, Daniel Stone wrote: And UNIX on a phone is pure overkill. Quit being a naysayer. UNIX on a PDA is a wet dream. http://www.agendacomputing.com/ (not that the reviews have been very kind) Nor has an official product been released. Reviewing hardware and software in open development model before it is officially stamped final release is unfair to say the least. I follow the agenda list and it is a nice piece of hardware and the software is coming along quite nicely. I've heard mostly good stuff about it so far, although it is not a consumer level product yet - it is a developers product, for people ready to fire up emacs and start coding. -- Mike A. Harris - Linux advocate - Free Software advocate This message is copyright 2001, all rights reserved. Views expressed are my own, not necessarily shared by my employer. -- If it isn't source, it isn't software. -- NASA - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On 2001.04.25 02:52:22 +0200 Gerhard Mack wrote: On Wed, 25 Apr 2001, Daniel Stone wrote: OK. time make bzImage. Of course, mine's really slow (and I will consider myself publically humiliated if my only Linux machine is beaten on a kernel compile by an iPAQ). I 'spose, if it only goes into suspend, the ability to write uptime on it constitutes a walking penis extension after a while? When I first started I compiled my linux kernels on a 386 dx with 8 mb ram heh. I think a lot of the current PDAs are faster. Who says it needs to compile? Who says it needs software installed? Who says it needs to run the software itself? First of all, if linux will make it on a PDA, I'm sure there will be prepackaged stuff. But more important, a PDA doesn't need other software installed to have a function. It can function as a remote X-terminal connected to a big linux X-server somewhere else which runs the software. In that case, the speed of the PDA is no longer a problem and you have a cute little and simple fully-featured X-window system. It's just a bit small. Now if we get something like IBM's speach recognition system and it works a bit, or we make our own speach recognition system, this can serve very well for simple things like adding points to your agenda, writing e-mail. But for just reading your mail or your agenda, you don't need more than to press some buttons and read the screen. And for pressing the buttons you really don't need anything else than a touchscreen or some (1? 2?) buttons on the PDA... And for using linux as a command-line too on a PDA - we'll need something to make input easier, like Aaron Lehman suggested in another e-mail (keyboard, speach recognition). -- Ronald Bultje - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a tab! not space! you just broke my makefiles! aargh!), and compiling Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. Usual misguided assumptions 1. Many PDA's have a keyboard 2. The ipaq has an optional fold up keyboard 3. Modern PDA's have 200Mhz processors and XScale will see some of them hitting 600MHz+ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, Apr 25, 2001 at 08:45:25AM +0100, Alan Cox wrote: True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a tab! not space! you just broke my makefiles! aargh!), and compiling Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. Usual misguided assumptions 1.Many PDA's have a keyboard 2.The ipaq has an optional fold up keyboard 3.Modern PDA's have 200Mhz processors and XScale will see some of them hitting 600MHz+ I stand corrected. Too broke to get one, but corrected nevertheless. (I've only seen the agenda in action, and it seemed a lot of time writing date for relatively little action - the date). -- Daniel Stone [EMAIL PROTECTED] - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: thank you very much fyi. if just you tried to understand it a little further: i didn't change all uid/gid to 0! why? so with that radical patch, users will still have uid/gid so programs know the user's profile. if everyone had 0/0 uid/gid, pine will open /var/spool/mail/root, etc. So you want multi-user to distinguish users, but no login sequence with typing of passwords username. You can have all that without changing the kernel! Linux distributions runs things like login and getty by default, but you don't have to do that. If you run linux on a device not perceived as a computer, consider this: 1. Run whatever daemons you need as root or under daemon usernames, depending on what privileges they need. 2. Run the user interface program (X or whatever) as a user, not root. No, they don't need a password for that. Just start it from inittab, with a wrapper program that su's to the appropriate user without asking for passwords. 3. If the user really need root for anything, such as changing device configuration, use a suid configuration program. No password needed with that approach. You probably want a configuration program anyway as your dumb users probably don't know how to edit files in /etc anyway. Making it suid is no extra work. Now you have both the security of linux and the ease of use of a password-less system. Part of linux stability comes from the fact that ordinary users cannot do anything. Crashing the machine is easy as root, but an appliance user don't need to be root for normal use. And the special cases which need it can be handled by suid programs that cannot do anything, just the purpose they are written for. Linux is very configurable even without patching the kernel. A general rule is that no kernel patches is accepted for problems that are easily solvable with simple programs. Helge Hafting - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
first, i think i owe you guys apology for didn't make myself clear, which is going harder if you irritated. even my subject went wrong, as the patch isn't really about single user (which confuse some people). for those who didn't read that patch, i #define capable(), suser(), and fsuser() to 1. the implication is all users will have root capabilities. then i tried to bring up the single user thing to hear opinions (not flames). and by that, i actually didn't mean to have users share the same uid/gid 0. i know somebody will need to differentiate user. so when everybody suggested playing with login, getty, etc. i know you have got the wrong idea. if i wanted to play on user space, i'd rather use capset() to set all users capability to all cap. that's the perfect equivalent. so the user space solution (capset()) works, but then came the idea to optimize away. that's what blow everybody up. don't get me wrong, i always agree with rik farrow when he wrote in ;login: that we should build software with security in mind. but i also hate bloat. lets not go to arm devices, how about a notebook. it's a personal thing, naturally to people who doesn't know about computer, personal doesn't go with multi user. by that i mean user with different capabilities, not different persons. i haven't catch up with all my mails, but my response to some: - linux is stable not only because security. - linux was designed for multi-user, dos f.eks. is designed for personal use, so does epoc, palmos, mac, etc. - i even use plan9 with kfs restrictions disabled sometimes, cause i don't have cpu server, auth server, etc. - with that patch, people will still have authentication. so ssh for example, will still prevent illegal access, if you had an exploit you're screwed up anyway. sure httpd will give permission to everybody to browse a computer, but i don't think a notebook need to run it. so i guess i deserve opinions instead of flames. the approach is from personal use, not the usual server use. if you think a server setup is best for all use just say so, i'm listening. It would be far more interesting to rip out all trace of security. That would include the kernel memory access checking, parts of the task struct, filesystem and VFS code, and surely much more. i did say it clearly that i have other changes which i know won't be a clean patch (too many #ifdefs). f.eks. on my computer i didn't even compile user.c in, i don't have user_struct. filesystem and vfs code are affected by that patch already. memory access is important of course. Then you can try to show a measurable performance difference. nah, performance was never my consideration. i do save about 3kb from my zImage, but i'm not interested. imel (writing from a webmail) This email was sent using http://webmail.cbn.net.id/ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
Hello [EMAIL PROTECTED], Once you wrote about Re: [PATCH] Single user linux: first, i think i owe you guys apology for didn't make myself clear, which is going harder if you irritated. even my subject went wrong, as the patch isn't really about single user (which confuse some people). for those who didn't read that patch, i #define capable(), suser(), and fsuser() to 1. the implication is all users will have root capabilities. then i tried to bring up the single user thing to hear opinions (not flames). and by that, i actually didn't mean to have users share the same uid/gid 0. i know somebody will need to differentiate user. so when everybody suggested playing with login, getty, etc. i know you have got the wrong idea. if i wanted to play on user space, i'd rather use capset() to set all users capability to all cap. that's the perfect equivalent. so the user space solution (capset()) works, but then came the idea to optimize away. that's what blow everybody up. don't get me wrong, i always agree with rik farrow when he wrote in ;login: that we should build software with security in mind. but i also hate bloat. lets not go to arm devices, how about a notebook. it's a personal thing, naturally to people who doesn't know about computer, personal doesn't go with multi user. by that i mean user with different capabilities, not different persons. i haven't catch up with all my mails, but my response to some: - linux is stable not only because security. - linux was designed for multi-user, dos f.eks. is designed for personal use, so does epoc, palmos, mac, etc. - i even use plan9 with kfs restrictions disabled sometimes, cause i don't have cpu server, auth server, etc. - with that patch, people will still have authentication. so ssh for example, will still prevent illegal access, if you had an exploit you're screwed up anyway. sure httpd will give permission to everybody to browse a computer, but i don't think a notebook need to run it. so i guess i deserve opinions instead of flames. the approach is from personal use, not the usual server use. if you think a server setup is best for all use just say so, i'm listening. Then, is there any advantage over booting linux with single option? LILO: linux single -- Best regards, Leonid Mamtchenkov System Administrator - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001 [EMAIL PROTECTED] wrote: [snip] so i guess i deserve opinions instead of flames. the approach is from personal use, not the usual server use. if you think a server setup is best for all use just say so, i'm listening. Heres one.. most of the time I spend cleaning up windows machines is not because of software problems. Usually it's the user acidentally erasing something or installing some program that just modified the boot files by accident. Protection makes the system easier not harder. You can add SUID aplications to preform administrative tasks such as upgrading / config and be sure that the user won't accidentally erase the system. I've had users absolutely paranoid of breaking something on my systems it's very reasuring for me to be able to point at the power switch and say see that? don't touch it and the sustem will be fine Gerhard -- Gerhard Mack [EMAIL PROTECTED] As a computer I find your faith in technology amusing. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: for those who didn't read that patch, i #define capable(), suser(), and fsuser() to 1. the implication is all users will have root capabilities. And this is better than just having the system auto-login as root because..? then i tried to bring up the single user thing to hear opinions (not flames). and by that, i actually didn't mean to have users share the same uid/gid 0. i know somebody will need to differentiate user. so when everybody suggested playing with login, getty, etc. i know you have got the wrong idea. if i wanted to play on user space, i'd rather use capset() to set all users capability to all cap. that's the perfect equivalent. so the user space solution (capset()) works, but then came the idea to optimize away. that's what blow everybody up. don't get me wrong, i always agree with rik farrow when he wrote in ;login: that we should build software with security in mind. but i also hate bloat. lets not go to arm devices, how about a notebook. it's a personal thing, naturally to people who doesn't know about computer, personal doesn't go with multi user. by that i mean user with different capabilities, not different persons. So don't install any services. The security in the kernel is not even bloat compared to some of the cruft that you can just not install. - with that patch, people will still have authentication. so ssh for example, will still prevent illegal access, if you had an exploit you're screwed up anyway. sure httpd will give permission to everybody to browse a computer, but i don't think a notebook need to run it. See above. so i guess i deserve opinions instead of flames. the approach is from personal use, not the usual server use. if you think a server setup is best for all use just say so, i'm listening. I have Linux on my PowerBook. I don't have sendmail, httpd, mysql, and a billion other 'server' processes running. Does that still make it a server? We're not flaming (well some of us anyways). Just pointing out (loudly) where your thinking is flawed. nah, performance was never my consideration. i do save about 3kb from my zImage, but i'm not interested. But you just said you hate bloat. What other reason do you have for hating bloat? -- = Mohammad A. Haque http://www.haque.net/ [EMAIL PROTECTED] Alcohol and calculus don't mix. Project Lead Don't drink and derive. --Unknown http://wm.themes.org/ [EMAIL PROTECTED] = - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001, Ronald Bultje did have cause to say: Who says it needs to compile? Who says it needs software installed? Who says it needs to run the software itself? My current project (and I'm just waiting for nfs and wvlan_cs to stabalize on ARM before putting the final touches on it) is an ipaq nfsrooted to a Debian image, over the wireless lan. Works like a champ, and it -does- compile stuff reasonably fast (well, reasonably fast considering the data is all on the far side of 11M/sec wireless.) My kit is mostly portable as well, since the nfs server is on the libretto and runs just fine in my backpack ;) The next step is bludgeoning debian-arm into not running 50-100 little servers I don't need on my PIM. But that may be the function of a task-nfs-ipaq package or some such. So far -multiuser- linux on PIMs (true linux, with X, etc, as distinct from pocketlinux/qpe/etc, which are a different animal in this case) is almost there. Web browsers are coming along nicely (and remote-X netscape is usable, although barely) and there are several nice imap clients. (and input methods ranging from a handwriting system to a little onscreen keyboard, if you are in a situation where an external keyboard is not feasable.) --- -BEGIN GEEK CODE BLOCK- Version: 3.1 [www.ebb.org/ungeek] GIT/CC/CM/AT d--(-)@ s+:-- a--? C$ ULBS*$ P- L E--- W+++ N+@ o+$ K? w---+ O- M V-- PS+() PE Y+@ PGP++() t 5--- X-- R tv+@ b$ DI D++(+++) G++ e* h(-)* r++ y++ --END GEEK CODE BLOCK-- - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
So, are you saying, right now in front of the whole community, that you only use Linux because you can develop on it? That if it wasn't for GCC you would be playing Minesweeper right now? I know thats not what you are saying, but thats how you come across. We always tell everybody who would listen that Linux can hold its own as an operating system. Not just because the code is open, and not just for the development environment. Linux can hold its own because it is *good*. Not perfect (there is no perfect operating system), but when you put it against its peers, it rises to the top (bigotryalong with its other unix cousins/bigotry). So why wouldn't linux be ideal for an embedded situation. Why wouldn't an open MP3 player be a better option that Media Player? We can't we use the security, stability and power of Linux for a a suite of PIMs and Doom?I Be proud of your operating system - you have 32 bits of multitasking power and stability, and you can fit it into 512K. Lets see Redmond try that! Jordan On Tuesday 24 April 2001 18:32, Daniel Stone mentioned: On Tue, Apr 24, 2001 at 05:20:27PM -0700, Aaron Lehmann wrote: On Wed, Apr 25, 2001 at 10:07:48AM +1000, Daniel Stone wrote: What real value does it have, apart from the geek look at me, I'm using bash value? I don't really want to get into it at the moment, but imagine hacking netfilter without lugging a laptop around. PDA's are sleek and cool, and using UNIX on them lets you write shell scripts to sort your addresses and stuff like that. Basically it's everything that's cool about Unix as a workstation OS scaled down to PDA-size. True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a tab! not space! you just broke my makefiles! aargh!), and compiling Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. Hrmz. - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: problem found (was Re: [PATCH] Single user linux)
hi imel, On Tue, 24 Apr 2001 [EMAIL PROTECTED] wrote: problem is you guys are to unix-centric, try to be user-centric a little. with all respect: the problem is that you do not listen. as people keep trying to point out to you: - you can have your single-user centric user environment (no logon) while - retaining advantages of multi-user security no kernel changes needed. ie: you can have your phone's user environment come straight up (without needing a login or anything) and have security so that the phone user can't do harmful things like delete system files. you can have the best of all worlds... imel --paulj - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
[EMAIL PROTECTED] wrote: for those who didn't read that patch, i #define capable(), suser(), and fsuser() to 1. the implication is all users will have root capabilities. How is that not single user? I have been doing single-user oriented Linux/GNU/unix longer than anyone I'm aware of with exactly that focus. The one trivial patch I do to the kernel disgusts the core Linux developers for reasons unrelated to single user. cLIeNUX boots with 12 vt's logging in already as root. No kernel molestation. (But stay tuned ;o) Rather than me contributing further to the topic-skew, please have a browse at www.clienux.com Rick Hohensee cLIeNUX user 0 - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001, Rick Hohensee wrote: [EMAIL PROTECTED] wrote: for those who didn't read that patch, i #define capable(), suser(), and fsuser() to 1. the implication is all users will have root capabilities. How is that not single user? Every user still has it's own account, means profile etc. Gruß, Markus -- | Gluecklich ist, wer vergisst, was nicht aus ihm geworden ist. +---. , http://www.uni-ulm.de/~s_mschab/ \ / mailto:[EMAIL PROTECTED] \_/ - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001 [EMAIL PROTECTED] wrote: so i guess i deserve opinions instead of flames. the approach is from personal use, not the usual server use. if you think a server setup is best for all use just say so, i'm listening. Several distributions (Red Hat and Mandrake certainly) offer auto-login tools. In conjunction with those tools, take the approach that Apple used with OS X and setup sudo for administrative tasks on the machine. This allows the end user to generally administer the machine without all the need to hack the kernel, modify login, operate as root, etc. You can even restrict their actions with it and log what they do. In the end though, I really don't see the big deal with having a root user for general home use. Even traditionally stand-alone operating systems have gone to this model (Mac OS X) or are heading that way fast (Windows XP). There are always ways to configure permissions, and even in a stand-alone environment it's always better to protect against accidental deletion of system critical files. In other words, the benefits vastly outweigh the minor inconvenience. John - To unsubscribe from this list: send the line unsubscribe linux-kernel in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Tue, 24 Apr 2001, Aaron Lehmann did have cause to say: > On Wed, Apr 25, 2001 at 10:07:48AM +1000, Daniel Stone wrote: > > What real value does it have, apart from the geek "look at me, I'm using > > bash" value? > > I don't really want to get into it at the moment, but imagine hacking > netfilter without lugging a laptop around. PDA's are sleek and cool, > and using UNIX on them lets you write shell scripts to sort your > addresses and stuff like that. Basically it's everything that's cool > about Unix as a workstation OS scaled down to PDA-size. Two (not quite exclusive ;) ..) points: First, most pda's have apps like telnet/ssh/etc available. (And even more specific apps are available for various uses - I recall a palm pilot app that talked to cisco gear and gave a nice gui for 90% of the config, plus a terminal for the rest.) And second, I agree that there are some great advantages to small linux (my ipaq runs linux, and my barely larger libretto is a full debian mirror) but all of these (even pocketlinux, which is basically not linux) work with the concept of multiple users. Whether for profiles or for system vs user, they all use it. This patch is trash. -BEGIN GEEK CODE BLOCK- Version: 3.1 [www.ebb.org/ungeek] GIT/CC/CM/AT d--(-)@ s+:-- a-->? C$ ULBS*$ P- L+++>+ E--- W+++ N+@ o+>$ K? w--->+ O- M V-- PS+() PE Y+@ PGP++() t 5--- X-- R tv+@ b>$ DI D++(+++) G++ e* h(-)* r++ y++ --END GEEK CODE BLOCK-- - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, 25 Apr 2001, Daniel Stone wrote: > OK. "time make bzImage". Of course, mine's really slow (and I will consider > myself publically humiliated if my only Linux machine is beaten on a kernel > compile by an iPAQ). I 'spose, if it only goes into suspend, the ability to > write "uptime" on it constitutes a walking penis extension after a while? When I first started I compiled my linux kernels on a 386 dx with 8 mb ram heh. I think a lot of the current PDAs are faster. Gerhard -- Gerhard Mack [EMAIL PROTECTED] <>< As a computer I find your faith in technology amusing. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
In article <[EMAIL PROTECTED]>, Alan Cox <[EMAIL PROTECTED]> wrote: >> > Quit being a naysayer. UNIX on a PDA is a wet dream. >> What real value does it have, apart from the geek "look at me, I'm using >> bash" value? > >It means I can do anything on my ipaq I can do anywhere else. I can run >multiple apps at a time. I can run X11. I can run the palm emulator even ;) > >Its the same reason Linux is valuable on an S/390 mainframe. Its a common pool >of apps, environments and tools. Anything your PC can do, my ipaq can do. Or even if you only ever use the builtin apps on your Linux PDA, it means you didn't subsidize Microsoft. -- __O Lineo - For Embedded Linux Solutions _-\<,_ PGP Fingerprint: 28 E2 A0 15 99 62 9A 00 (_)/ (_) 88 EC A3 EE 2D 1C 15 68 Stuart Lynne <[EMAIL PROTECTED]> www.fireplug.net604-461-7532 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Tue, Apr 24, 2001 at 05:35:10PM -0700, Aaron Lehmann wrote: > On Wed, Apr 25, 2001 at 10:32:46AM +1000, Daniel Stone wrote: > > True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a > > tab! not space! you just broke my makefiles! aargh!), and compiling > > Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. > > Hrmz. > > I didn't say it was practical. But those PDA's are getting downright > speedy. Much faster than UNIX workstations from days of old. Please, oh please, tell me my machine would beat it on a "time make bzImage". Else I'll do something really stupid. Like, get one for my workstation and feel the improvement ;) > Input is a big problem, but we'll leave that to technology (speech? > microkeyboards?) Aye - difference between space and tab. Broken Makefiles, anyone? -- Daniel Stone Linux Kernel Developer [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, Apr 25, 2001 at 01:16:03AM +0100, Alan Cox wrote: > > > Quit being a naysayer. UNIX on a PDA is a wet dream. > > What real value does it have, apart from the geek "look at me, I'm using > > bash" value? > > It means I can do anything on my ipaq I can do anywhere else. I can run > multiple apps at a time. I can run X11. I can run the palm emulator even ;) How long does it take you to write "date"? Plus, aren't you content with IRCing on your *phone*? ;) > Its the same reason Linux is valuable on an S/390 mainframe. Its a common pool > of apps, environments and tools. Anything your PC can do, my ipaq can do. OK. "time make bzImage". Of course, mine's really slow (and I will consider myself publically humiliated if my only Linux machine is beaten on a kernel compile by an iPAQ). I 'spose, if it only goes into suspend, the ability to write "uptime" on it constitutes a walking penis extension after a while? -- Daniel Stone Linux Kernel Developer [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Re: [PATCH] Single user linux
On Wed, Apr 25, 2001 at 10:32:46AM +1000, Daniel Stone wrote: > True, but then imagine trying to hack C (no, that's a CURLY BRACE, and a > tab! not space! you just broke my makefiles! aargh!), and compiling > Netfilter (it takes HOW MANY hours to compile init/main.c?!?) on a PDA. > Hrmz. I didn't say it was practical. But those PDA's are getting downright speedy. Much faster than UNIX workstations from days of old. Input is a big problem, but we'll leave that to technology (speech? microkeyboards?) - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/