[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [RFC] A simple draft for channels
From: |
Ricardo Wurmus |
Subject: |
Re: [RFC] A simple draft for channels |
Date: |
Tue, 23 Jan 2018 07:38:46 +0100 |
User-agent: |
mu4e 1.0-alpha3; emacs 25.3.1 |
Hi Pjotr,
> On Fri, Jan 19, 2018 at 02:41:42PM +0100, Ludovic Courtès wrote:
>> Authorizing keys is necessarily limited to root since the store is
>> shared among all users of the machine. I don’t see any way around that
>
> Well, the daemon could update itself with its own privileges.
I think Ludo’s point is that this is a security issue, not a technical
limitation.
> How
> about maintaining authentication for a channel at runtime in RAM. When
> the daemon restarts it is lost. The channel will not be shared with
> other users. So every user maintains their own channels. When a
> channel reconnects it authenticates itself again.
It all ends up in the store though and is thus available to everybody.
> There really is no reason to share individual channels between users
> (other then their outputs).
Yes, channel configuration and state is kept in the user’s home
directory. But authorization for downloading and installing substitutes
in /gnu/store currently still falls to root.
--
Ricardo
GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net
Re: [RFC] A simple draft for channels, Ricardo Wurmus, 2018/01/23