home.social

#utmps — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #utmps, aggregated by home.social.

  1. @ska

    #s6 doesn't even have anything dealing generally with the #Unix accounts database in the first place, does it?

    That is more the domain of nsss and utmps, ne?

    #utmps #nsss

  2. @ska

    #s6 doesn't even have anything dealing generally with the #Unix accounts database in the first place, does it?

    That is more the domain of nsss and utmps, ne?

    #utmps #nsss

  3. @ska

    #s6 doesn't even have anything dealing generally with the #Unix accounts database in the first place, does it?

    That is more the domain of nsss and utmps, ne?

    #utmps #nsss

  4. @ska

    #s6 doesn't even have anything dealing generally with the #Unix accounts database in the first place, does it?

    That is more the domain of nsss and utmps, ne?

    #utmps #nsss

  5. @ska

    #s6 doesn't even have anything dealing generally with the #Unix accounts database in the first place, does it?

    That is more the domain of nsss and utmps, ne?

    #utmps #nsss

  6. […Continued]

    The parallels to #utmps now show up, because that's also effectively a hook into login (except through libc rather than PAM) that talks to a server via IPC to maintain a login database, just one that doesn't couple to a whole shedload of extra stuff, or use #DesktopBus.

    Whilst utmps is alright, I still think that kernels should just provide access to the session tables that they already maintain.

    Moreover:

    [Continued…] #Debian #nosh

  7. […Continued]

    The parallels to #utmps now show up, because that's also effectively a hook into login (except through libc rather than PAM) that talks to a server via IPC to maintain a login database, just one that doesn't couple to a whole shedload of extra stuff, or use #DesktopBus.

    Whilst utmps is alright, I still think that kernels should just provide access to the session tables that they already maintain.

    Moreover:

    [Continued…] #Debian #nosh

  8. […Continued]

    The parallels to #utmps now show up, because that's also effectively a hook into login (except through libc rather than PAM) that talks to a server via IPC to maintain a login database, just one that doesn't couple to a whole shedload of extra stuff, or use #DesktopBus.

    Whilst utmps is alright, I still think that kernels should just provide access to the session tables that they already maintain.

    Moreover:

    [Continued…] #Debian #nosh

  9. […Continued]

    The parallels to #utmps now show up, because that's also effectively a hook into login (except through libc rather than PAM) that talks to a server via IPC to maintain a login database, just one that doesn't couple to a whole shedload of extra stuff, or use #DesktopBus.

    Whilst utmps is alright, I still think that kernels should just provide access to the session tables that they already maintain.

    Moreover:

    [Continued…] #Debian #nosh

  10. […Continued]

    The parallels to #utmps now show up, because that's also effectively a hook into login (except through libc rather than PAM) that talks to a server via IPC to maintain a login database, just one that doesn't couple to a whole shedload of extra stuff, or use #DesktopBus.

    Whilst utmps is alright, I still think that kernels should just provide access to the session tables that they already maintain.

    Moreover:

    [Continued…] #Debian #nosh

  11. pam_systemd -> dbus-daemon -> systemd-logind -> dbus-daemon -> systemd

    One could add more loops through dbus-daemon to make starting a dæmon at login even loopier, I suppose. (-:

    It's interesting that @ska 's utmps would be a less circuitous way of achieving this. Because this is really just keying things off of insertions/deletions to an active logins table. One that has extra Desktop Bus compared to the original.

    Lots of extra Desktop Bus.

    #PAM #DesktopBus #utmps #utx

  12. pam_systemd -> dbus-daemon -> systemd-logind -> dbus-daemon -> systemd

    One could add more loops through dbus-daemon to make starting a dæmon at login even loopier, I suppose. (-:

    It's interesting that @ska 's utmps would be a less circuitous way of achieving this. Because this is really just keying things off of insertions/deletions to an active logins table. One that has extra Desktop Bus compared to the original.

    Lots of extra Desktop Bus.

    #PAM #DesktopBus #utmps #utx

  13. pam_systemd -> dbus-daemon -> systemd-logind -> dbus-daemon -> systemd

    One could add more loops through dbus-daemon to make starting a dæmon at login even loopier, I suppose. (-:

    It's interesting that @ska 's utmps would be a less circuitous way of achieving this. Because this is really just keying things off of insertions/deletions to an active logins table. One that has extra Desktop Bus compared to the original.

    Lots of extra Desktop Bus.

    #PAM #DesktopBus #utmps #utx

  14. pam_systemd -> dbus-daemon -> systemd-logind -> dbus-daemon -> systemd

    One could add more loops through dbus-daemon to make starting a dæmon at login even loopier, I suppose. (-:

    It's interesting that @ska 's utmps would be a less circuitous way of achieving this. Because this is really just keying things off of insertions/deletions to an active logins table. One that has extra Desktop Bus compared to the original.

    Lots of extra Desktop Bus.

    #PAM #DesktopBus #utmps #utx

  15. pam_systemd -> dbus-daemon -> systemd-logind -> dbus-daemon -> systemd

    One could add more loops through dbus-daemon to make starting a dæmon at login even loopier, I suppose. (-:

    It's interesting that @ska 's utmps would be a less circuitous way of achieving this. Because this is really just keying things off of insertions/deletions to an active logins table. One that has extra Desktop Bus compared to the original.

    Lots of extra Desktop Bus.

    #PAM #DesktopBus #utmps #utx

  16. @ska

    It's interesting how close but still how frustratingly far off #FreeBSD is in this regard.

    The setlogin() name is per-session, not per-process. But whilst there is a sysctl() for snapshotting the process list, there isn't one for snapshotting the session list.

    Apart from session objects lacking a creation timestamp and a "hostname", everything "who" needs is actually already maintained by the kernel, just inaccessibly.

    github.com/freebsd/freebsd-src

    #ttylogin #utmps

  17. @ska

    It's interesting how close but still how frustratingly far off #FreeBSD is in this regard.

    The setlogin() name is per-session, not per-process. But whilst there is a sysctl() for snapshotting the process list, there isn't one for snapshotting the session list.

    Apart from session objects lacking a creation timestamp and a "hostname", everything "who" needs is actually already maintained by the kernel, just inaccessibly.

    github.com/freebsd/freebsd-src

    #ttylogin #utmps

  18. @ska

    It's interesting how close but still how frustratingly far off #FreeBSD is in this regard.

    The setlogin() name is per-session, not per-process. But whilst there is a sysctl() for snapshotting the process list, there isn't one for snapshotting the session list.

    Apart from session objects lacking a creation timestamp and a "hostname", everything "who" needs is actually already maintained by the kernel, just inaccessibly.

    github.com/freebsd/freebsd-src

    #ttylogin #utmps

  19. @ska

    I was pointing out on Hacker News how it had never really fully reconciled even pseudo-terminals into the design.

    A better design of the "active logins" part would incorporate two observations:

    1. For every login session there's some device in /dev that gets chown-ed to/is created by the user.

    2. Really, kernel support is needed for a first-class session object; that can be enumerated. This idea has been knocking around since the 1980s, of course.

    #utmps #ttylogin

  20. @ska

    I was pointing out on Hacker News how it had never really fully reconciled even pseudo-terminals into the design.

    A better design of the "active logins" part would incorporate two observations:

    1. For every login session there's some device in /dev that gets chown-ed to/is created by the user.

    2. Really, kernel support is needed for a first-class session object; that can be enumerated. This idea has been knocking around since the 1980s, of course.

    #utmps #ttylogin

  21. @ska

    I was pointing out on Hacker News how it had never really fully reconciled even pseudo-terminals into the design.

    A better design of the "active logins" part would incorporate two observations:

    1. For every login session there's some device in /dev that gets chown-ed to/is created by the user.

    2. Really, kernel support is needed for a first-class session object; that can be enumerated. This idea has been knocking around since the 1980s, of course.

    #utmps #ttylogin

  22. @ska

    I was pointing out on Hacker News how it had never really fully reconciled even pseudo-terminals into the design.

    A better design of the "active logins" part would incorporate two observations:

    1. For every login session there's some device in /dev that gets chown-ed to/is created by the user.

    2. Really, kernel support is needed for a first-class session object; that can be enumerated. This idea has been knocking around since the 1980s, of course.

    #utmps #ttylogin

  23. @ska

    I was pointing out on Hacker News how it had never really fully reconciled even pseudo-terminals into the design.

    A better design of the "active logins" part would incorporate two observations:

    1. For every login session there's some device in /dev that gets chown-ed to/is created by the user.

    2. Really, kernel support is needed for a first-class session object; that can be enumerated. This idea has been knocking around since the 1980s, of course.

    #utmps #ttylogin

  24. @ska

    DEAD_PROCESS is harder, as it's often written by the parent process on Linux. (On FreeBSD, the PAM session holder process declares itself dead, because pututxline() is called both ways within the pam_lastlog module.)

    But it might be worth adding a check that a process really does not exist before a client (that isn't that very process declaring itself dead) can declare it to be dead.

    #ttylogin #utmps

  25. @ska

    DEAD_PROCESS is harder, as it's often written by the parent process on Linux. (On FreeBSD, the PAM session holder process declares itself dead, because pututxline() is called both ways within the pam_lastlog module.)

    But it might be worth adding a check that a process really does not exist before a client (that isn't that very process declaring itself dead) can declare it to be dead.

    #ttylogin #utmps

  26. @ska

    DEAD_PROCESS is harder, as it's often written by the parent process on Linux. (On FreeBSD, the PAM session holder process declares itself dead, because pututxline() is called both ways within the pam_lastlog module.)

    But it might be worth adding a check that a process really does not exist before a client (that isn't that very process declaring itself dead) can declare it to be dead.

    #ttylogin #utmps

  27. @ska

    DEAD_PROCESS is harder, as it's often written by the parent process on Linux. (On FreeBSD, the PAM session holder process declares itself dead, because pututxline() is called both ways within the pam_lastlog module.)

    But it might be worth adding a check that a process really does not exist before a client (that isn't that very process declaring itself dead) can declare it to be dead.

    #ttylogin #utmps

  28. @ska

    DEAD_PROCESS is harder, as it's often written by the parent process on Linux. (On FreeBSD, the PAM session holder process declares itself dead, because pututxline() is called both ways within the pam_lastlog module.)

    But it might be worth adding a check that a process really does not exist before a client (that isn't that very process declaring itself dead) can declare it to be dead.

    #ttylogin #utmps

  29. @ska

    Preventing any client process upserting a USER_PROCESS record type for anything other than its own PID is probably a quite strong security check. More restrictive than group membership checks.

    I checked util-linux's agetty and login, as a start. They only put their own PID in the process ID field. And they already look for an existing record to update by PID.

    So it's an idea worth considering.

    github.com/util-linux/util-lin

    #ttylogin #utmps

  30. @ska

    Preventing any client process upserting a USER_PROCESS record type for anything other than its own PID is probably a quite strong security check. More restrictive than group membership checks.

    I checked util-linux's agetty and login, as a start. They only put their own PID in the process ID field. And they already look for an existing record to update by PID.

    So it's an idea worth considering.

    github.com/util-linux/util-lin

    #ttylogin #utmps

  31. @ska

    Preventing any client process upserting a USER_PROCESS record type for anything other than its own PID is probably a quite strong security check. More restrictive than group membership checks.

    I checked util-linux's agetty and login, as a start. They only put their own PID in the process ID field. And they already look for an existing record to update by PID.

    So it's an idea worth considering.

    github.com/util-linux/util-lin

    #ttylogin #utmps

  32. @ska

    Preventing any client process upserting a USER_PROCESS record type for anything other than its own PID is probably a quite strong security check. More restrictive than group membership checks.

    I checked util-linux's agetty and login, as a start. They only put their own PID in the process ID field. And they already look for an existing record to update by PID.

    So it's an idea worth considering.

    github.com/util-linux/util-lin

    #ttylogin #utmps

  33. @ska

    Preventing any client process upserting a USER_PROCESS record type for anything other than its own PID is probably a quite strong security check. More restrictive than group membership checks.

    I checked util-linux's agetty and login, as a start. They only put their own PID in the process ID field. And they already look for an existing record to update by PID.

    So it's an idea worth considering.

    github.com/util-linux/util-lin

    #ttylogin #utmps

  34. @ska

    news.ycombinator.com/item?id=4

    Mentioning your work got me thinking.

    Ignoring all of the boot/timechange/shutdown stuff, there are just 2 main pututxline() operations for utmp: upsert a USER_PROCESS record about the current process and write a DEAD_PROCESS record over the top of it.

    Even on Linux, INIT_PROCESS and LOGIN_PROCESS are now junk; coming around to the situation as it has been on the BSDs all along.

    #ttylogin #utmps

  35. @ska

    news.ycombinator.com/item?id=4

    Mentioning your work got me thinking.

    Ignoring all of the boot/timechange/shutdown stuff, there are just 2 main pututxline() operations for utmp: upsert a USER_PROCESS record about the current process and write a DEAD_PROCESS record over the top of it.

    Even on Linux, INIT_PROCESS and LOGIN_PROCESS are now junk; coming around to the situation as it has been on the BSDs all along.

    #ttylogin #utmps

  36. @ska

    news.ycombinator.com/item?id=4

    Mentioning your work got me thinking.

    Ignoring all of the boot/timechange/shutdown stuff, there are just 2 main pututxline() operations for utmp: upsert a USER_PROCESS record about the current process and write a DEAD_PROCESS record over the top of it.

    Even on Linux, INIT_PROCESS and LOGIN_PROCESS are now junk; coming around to the situation as it has been on the BSDs all along.

    #ttylogin #utmps

  37. @ska

    news.ycombinator.com/item?id=4

    Mentioning your work got me thinking.

    Ignoring all of the boot/timechange/shutdown stuff, there are just 2 main pututxline() operations for utmp: upsert a USER_PROCESS record about the current process and write a DEAD_PROCESS record over the top of it.

    Even on Linux, INIT_PROCESS and LOGIN_PROCESS are now junk; coming around to the situation as it has been on the BSDs all along.

    #ttylogin #utmps

  38. @ska

    news.ycombinator.com/item?id=4

    Mentioning your work got me thinking.

    Ignoring all of the boot/timechange/shutdown stuff, there are just 2 main pututxline() operations for utmp: upsert a USER_PROCESS record about the current process and write a DEAD_PROCESS record over the top of it.

    Even on Linux, INIT_PROCESS and LOGIN_PROCESS are now junk; coming around to the situation as it has been on the BSDs all along.

    #ttylogin #utmps