Tovarz: Linux system operating rights are in a dilemma

According to foreign media reports, Linus · Linus Torvalds recently complained on Google+ that the security mechanism of openSUSE is too annoying. His daughter called from the school to ask for the Root password, which is the only way to set up a school printer path for a MacBook Air notebook.

Tovarz believes that changing the time zone, adding new wireless networks or settings is a daily task, and setting the Root password for these tasks is "stupid and wrong". For the developer set up like this, he snarled: "Please commit suicide now, so the world will get better." ”

In view of the popularity of Tovarz, his words quickly attracted thousands of comments and caused great repercussions in the industry.

Tovarz believes that this problem is caused by two concepts of Linux: on the one hand, as a child of Unix systems, Linux is a true multi-user system; on the other hand, traditional PC systems allow The user has complete control over his or her personal computer.

The multi-user control concept necessarily requires the system to restrict user control of the system, thereby avoiding negative effects on other users, such as restricting some general operations, including installing new software, deleting existing user accounts, and of course setting. Or remove the printer. According to the Unix tradition, all of these tasks only allow Root account operations.

In contrast, PC operating systems are generally intended for a single user, so users have complete control over the system. For multi-user PC system users, they must carefully control the system.

For the above two concepts, the easiest way to compromise is to log in to Linux as the root user. Then, the user can do whatever he wants, such as adding a space in the wrong place, or cleaning the entire hard drive directly.

Now, there is a new way called sudo: the first user is created during system installation, and the user will be stored in /etc/sudoers as “ALL=(ALL) ALL”. The user can then perform any Root-restricted operations, but the user only needs to enter a personal secret instead of a Root password. For example, Ubuntu uses a dedicated management group. When a new user is added, the administrator can decide whether to give the new user & ldquo;sudo permission”.

However, sudo can't solve the problems encountered by Tovarz and his daughter, "execute all operations" (using sudo) and "do not perform any operations" (no sudo) there is still a vacuum . What Towaz hopes is that a system can allow his daughter to perform simple daily operations, such as setting up a network connection or printer, while limiting dangerous operations. Furthermore, IT departments should deal with operations that threaten the security of the system, and daily operations such as setting up printers should be performed by ordinary users.

For example, the system should allow all users to set up the printer, but they can't remove the printer settings of other users; users can load drivers for USB sound cards, but can't damage the system by forcibly loading malicious drivers; users You can follow the program, but you can't delete the /usr/bin/git file.

The traditional mechanism of Unix may be difficult to solve. But Linux has been making progress: extended file attributes, SELinux's Mandatory Access Control and PolicyKit. Linux lacks a user model: PC and notebook platforms are usually used by a single user, but other users can also become "basic administrators", while the traditional Unix multi-user mode is not suitable for this platform.

In this regard, Android mode is even more appropriate: users can change the time zone, connect devices to the new network, set up network printers, and install software at will. However, Android users cannot remove the kernel and install programs that affect the functionality of other programs.

If Tovaz's daughter does not perform all Android device operations on the MacBook Air, many problems will be solved. Of course, the root password login problem still needs to be resolved