Comment by Joker_vD
8 hours ago
> One started a session with no user credentials
And what would the effective permissions be? The access to any file would be done according to the "other" permissions bits or?.. Because if yes, then that'd be an interesting way to escape user-based quotas, you know.
I don't know. This was a very early description of how it would work that I read, a long time ago.
Thinking it through as a thought experiment, the way that I'd do it, a process with no credentials would not be able to open anything for write access and only a limited number of things for execute access, and be limited to a minimal amount of read access. One does not have to follow the POSIX model when one is introducing something so definitely outside of it as a process with no user/group IDs (perfectly fine as far as raw Hurd is concerned).
There was precedent for such ideas. On Novell Netware, MS/PC/DR-DOS clients could access only one server directory, containing the LOGIN program, until they had logged their machine on.
Okay, so basically something like Windows's "Anonymous Logon" SID, which doesn't belong to the Authenticated Users group: it's the group that's normally associated with the default Write permissions; the Users group has only read-only access.
That sort of idea, yes.
I've just done some research and it looks like the Debin Hurd people did attempt to actually implement this. I just never heard about it. There was a 'login shell' and a 'nouser'. The latter had am empty set of IDs, and this case (optionally) switched to an extra set of rwx permission bits that existed specifically for determining 'nouser' access.
* https://groups.google.com/g/linux.debian.ports.hurd/c/2rCbPl...