On Sunday, August 03, 2025, at 11:28 AM, tlaronde wrote:
> So I asked myself if there was some means to do the reverse from "starting as unprivileged and then promoting": starting as root and then degrading to unprivileged, emerging back to root only when needed (hence without having the burden to give a password).

This for the most part already exists: systemd, when starting a daemon, will drop to a user if the daemon configuration file has a user specified, though I'm sure I'm missing some crucial details. However, Ansible is more interesting as it implements this exact feature, though with some complexities and headaches. (https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_privilege_escalation.html#risks-and-limitations-of-become) Starting as root then dropping privileges during points in playbook execution is not often used as this feature is seldom beneficial.

On Sunday, August 03, 2025, at 11:28 AM, tlaronde wrote:
> The only possible answer I was able to think of, would imply the (Unix) sticky bits on some programs (whatever program having to deal with configuration, compilation or even a special shell or compilation script that will propagate "nobody" or "joe" to what it calls and doing everything except installation).

I'm not sure what you mean, are you referring to using the setuid bit?

On Sunday, August 03, 2025, at 11:28 AM, tlaronde wrote:
> Now, comparing to Plan9 / Nix: I could imagine running a core with lower privileges: a "vulcan" (typically a compilation/building core). But would then be some sense in using the file modes to indicate this kind of restricted privileges for a program? Or, when such programs are bound in the namespace, offered by some server, accessing/exec'ing the programs will launch automatically a dedicated CPU core, with lower privileges?

This sounds a lot like a design for a build system where jobs are sent and workers are requested on demand. Koji, Fedora's build system, works very similarly to this, though it is severely held back by the monolithic UNIX design. This is an area I would like to do more research on, more specifically nodes which are brought up on demand with the controls cleanly fitting into the current namespace.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T924b170304d49c32-Me0ce51a5090a402e99c86563
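The "start as root, drop for configure and compile, return to root only for installation" flow discussed in this message, sketched as an Ansible playbook using `become_user`. This is an added example, not part of the original post; the host group, the `builder` account, the source path and the choice of `su` as become method are assumptions.

```yaml
# Added example: hypothetical host group, user and paths (not from the thread).
- name: Build unprivileged, install as root
  hosts: buildhosts            # assumed inventory group
  remote_user: root            # the play starts with root privileges
  become_method: su            # assumption: root can su to any user without a password
  vars:
    build_user: builder        # assumed unprivileged account on the target
    src_dir: /home/builder/src/project   # assumed source tree owned by build_user

  tasks:
    - name: Configure as the unprivileged user
      become: true
      become_user: "{{ build_user }}"
      ansible.builtin.command:
        cmd: ./configure --prefix=/usr/local
        chdir: "{{ src_dir }}"
        creates: "{{ src_dir }}/Makefile"

    - name: Compile as the unprivileged user
      become: true
      become_user: "{{ build_user }}"
      ansible.builtin.command:
        cmd: make
        chdir: "{{ src_dir }}"

    - name: Confirm the build steps really ran without root
      become: true
      become_user: "{{ build_user }}"
      ansible.builtin.command: id -u
      register: build_uid
      changed_when: false
      failed_when: build_uid.stdout == "0"

    - name: Install as root (no become, so the connection user is used)
      ansible.builtin.command:
        cmd: make install
        chdir: "{{ src_dir }}"
```

The install step still executes a Makefile that the unprivileged user can write, so the split limits what configure and compile can touch but does not make the install step independent of the build user's output.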
