On 06/15/2015 10:50 AM, Loïc Minier wrote: ...
> This user experience would be delivered by the main “snappy” binary when it’s > launched as “snappy-cli” as the basename of argv[0]. If this feature is not > enabled by default, or from a shell, you would run “snappy cli” to start an > interactive snappy shell session. NB: cliis to avoid confusion with the > shellcommand to run a command or an interactive shell. > > > SSH integration could be done in multiple ways: > > 1. > > integrate a SSH server in snappyitself; I don’t know how hard this is in > go > today; this might be a worthwhile exercise long-term to get a smaller > rootfs > Please let's not do this-- ssh is absolutely critical to get right and we want to be using an industry-standard, widely used and supported implementation (ie, OpenSSH). > 2. > > configure SSH server and login to always start /bin/snappy-cliinstead of > the > user’s shell, then lookup the user’s shell in the passwddatabase to run > the > preferred shell with “snappy shell” > > 3. > > (preferred) configure the user’s shell to /bin/snappy-cliand create a new > snappy-only ubuntu-core config for the preferred interactive shell > (defaults > to /bin/bash); drawback: this would be system-wide as we don’t have > per-user > configs > We also don't have a way to add users at this time. Seems like we set up the snappy user's shell to this and have snappy-cli as an available option in /etc/shells so that in the future new users can use this shell? That said, it isn't clear to me what access controls will be in place for this shell. Will it somehow integrate with sudo? polkit? Something else? I guess this is the 'allowed-cli-commands' you referenced earlier? It is probably wise to be thinking about future Ubuntu Personal GUI interfaces/acls when designing these acls. Perhaps until this is defined, require something else from the user to be able to use it-- eg, perhaps require the user is in the admin group. -- Jamie Strandboge http://www.ubuntu.com/
signature.asc
Description: OpenPGP digital signature
-- snappy-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snappy-devel
