Comment by XorNot
14 hours ago
It has never been easy to create separate users on Linux, certainly not for tasks where you need to switch between contexts.
Docker was amongst the biggest steps forward on this in a long time.
14 hours ago
It has never been easy to create separate users on Linux, certainly not for tasks where you need to switch between contexts.
Docker was amongst the biggest steps forward on this in a long time.
I meant for CLI tasks. Just "adduser" and "sudo -u <user> bash".
And when you want to share some but not all files with that one user but not other users you created for similar purposes?
And when you want the outputs of that user back to your main user?
And when you want that user to access some shared credentials for external services, but not all?
It’s not the account setup that’s hard, it’s the workflow of spreading a single real-world across multiple accounts.
All of those use cases are very easy to facilitate using filesystem permissions and groups.
3 replies →
That’s what user groups are for.
1 reply →
None of what you described is hard either. Tediously prone to mistakes due to complexity or lack of attention to detail? Sure. But you do that once or twice and suddenly it really doesn’t seem all that hard. I’m with you on “annoying” though!
> And when you want to share some but not all files with that one user but not other users you created for similar purposes?
Can't ACLs (Access Control Lists) handle at least some of that?
It has always been very easy to create separate users on Linux and certainly for tasks where you need to switch between contexts.
Linux is a unix, so has always been multi-user and sharing any data between processes is facilitated in all manner of ways. So context could be shared over files or unix-domain sockets or shared memory or tcp or udp sockets or via message passing or … a bunch of other ways. That has been the case since 1996 or so when I started using it certainly.
Separate user accounts are irrelevant when any one user has sudo and can therefore change binaries for everyone.
The point is to not give every user (especially the LLM user) sudo access.
1 reply →
unix (and linux) has always been multi user. It is as easy as it gets for multi-user workflows in every context. It was, literally, built for it.
You can run each of your virtual desktops as their own user. You can run individual apps on the same desktop as different user accounts. Hundreds of separate users can login to the same computer. My own computer, right now, has 40 different user accounts running stuff in the background.
I can't even think of a scenario where using separate users is difficult.
> You can run each of your virtual desktops as their own user. You can run individual apps on the same desktop as different user accounts.
Literally never have I ever seen any of the desktop environments integrate this conveniently, albeit CLIs are better in that regard. "You can" isn't the same as "it's the idiomatic approach to doing X". Same with installing packages in a per-user way, so a bad package can't harm anything outside of its sandbox (which in practice you achieve with containers, but those can be inconvenient to work with and you'd probably want VMs for more security anyways). You can have many users, sure, but all it takes is one bad system-wide package, one bad script executed as root (e.g. install scripts, compromised packages) or even not being careful enough with file permissions and things go wrong.
Contrast that to Qubes: https://doc.qubes-os.org/en/latest/introduction/intro.html#q...
Now that was literally built for such a use case (it's based on isolated VMs and works well with Linux distros inside those, really cool project).
I do not know since when (I am using it for couple of years), but in Arch, it is very simple to have two X sessions (by using "log out" > "switch user") for two different accounts, so switching it's just a Control-Alt-F7 away.
Additionally, one can make the main user part of the group of the development user, so that you can read/write easy in the development user account and it is even easier to share stuff.
It doesn't really matter which distribution you use, you can use approximately all the software with any distribution.
They mostly differ a bit in how they are configured and what package manager they use and how they roll out updates. (And in what's installed by default.)
Multiple X sessions has been possible for decades. I think its possible with Wayland too.
You can also start applications as another user so you do not even need multiple sessions.
There are quite a lot of privilege escalation attacks so I am not sure this is sufficiently solid.
You can also use X namespace
It's off topic, and it was also possible for decades, but:
you can connect two sets of mouse, keyboard and monitor to one PC and have two people using it, each running their own X session. The true multi boxing!
Possible and available without any specific configuration on my side (except creating the user) are different things. I know I managed it many years ago with some effort, but nowadays it was just available.
You are correct that it should not be seen as a perfect protection, but considering the effort to set it up I see it as worth it. By seeing in this thread how many people do not use anything similar (ex: containers, separate users, etc), I hope attackers will just be lazy and target those people first, why bother with a local privilege escalation when interesting data is just in the same account?
sudo useradd -m [username] ?
su [username] ?
Or am I understanding your idea about switching context wrong?
This doesn't really when the CLI tool needs to access any data in your /home. There isn't a straightforward way using standard POSIX tools to share a directory with another user. (Of course it's possible, but it's not easy.)
> There isn't a straightforward way using standard POSIX tools to share a directory with another user.
* chmod lets you share with everyone
* addgroup and chown let you share with a specific group of users.
Then you set up a shared directory with common group permissions
Why would the CLI tool need to access any data in your $HOME?
Your private SSH keys? Your browser’s cookie jar? Your tax reports?
If the CLI tool needs to access arbitrary data from your home directory, then it is you. There is no security boundary between you and another user with full access to everything you own.
If you want to share specific directories, you can just put the shared directory in a common location, set it to be owned by some group, and make both users a member of that group. I don't see anything not-straightforward in there?
1 reply →
While I agree, containerization is awesome, on linux, you can just create a devUser and `sudo devUser theThing`
not the same thing. Containerization prevents devUser from accessing your machine root with its root. By containerizing, if devUser tries to sudo or su and gets a root, it will only be their root and not your root. Read up on cgroups.
Successful sudo from a cgroup still makes you root on the machine. What you want for this is user namespaces, not (just) cgroups.
1 reply →
Why would you allow devUser sudo?
1 reply →
[dead]