l4-hurd


Re: Sysadmins


From: William Grim
Subject: Re: Sysadmins
Date: Wed, 2 Nov 2005 18:43:48 -0600

On 11/2/05, Leonardo Lopes Pereira <address@hidden> wrote:
After a quick discussion with marco_g on IRC, I started to think about why we need a sysadmin. And I realize that only small options on the system need the admin's interference. I saw that many people here are very fanatic about security, but what about a system with an admin that puts backdoors in programs?
 
As you mention later in this post, you need to trust the software that is installed to make use of it.  If you don't trust the software, don't use it.  I'll get back to this in just a few moments.

So, if we are to design a system where people can feel secure, we need to create a system where the admin has as little power as possible.
 
This particular idea is still new to me.  We definitely do need to discuss this to give me a better idea of how it would work in real life.

In my opinion, the admin is a user that will be able ONLY to configure some parts of the system that cannot be configured by a user. All other things that the admin needs to do, like run a server, will be done by a common user with no more power than other users.
 
Again, this idea is new to me.  We need to discuss it more.  Any papers that talk about this topic would be welcome.

To install programs, we can create a mechanism by which every user can install programs that will be available to every user. But all programs would be signed at their origin, and if the user trusts that origin, the program will be able to work perfectly; if the user doesn't trust the origin of the program, the user will be alerted about that and will choose how this program will run.
 
That is definitely one idea.  There are probably other ideas on how we could do this as well, but I haven't thought about it much.  My head has been wrapped around the talks of persistent design and a device driver framework.  I'll be interested in seeing more about this.

With no access to FS, with read-only access to FS, or if the user will start to trust that origin.

You are using acronyms like "FS", by which I believe you mean "filesystems".  If we are going to move forward with a totally persistent OS (i.e. a single-level-store[1] for all data), then we need to start talking about the "filesystem" as a data store that has objects and capabilities associated with those objects and get rid of the classical concept of filesystems.  I'm not griping with you, but if we use old terms, we are going to get them confused with new ideas.
 
[1]: Design Evolution of the EROS Single-Level Store, http://www.eros-os.org/papers/storedesign2002.pdf

--
William M. Grim
Computer Science Master's Student, Southern Illinois University at Edwardsville
Unix Network Administrator, SIUE, CS. Dept.
