undefined | Better HN

0 pointssimoncion9mo ago0 comments

> The context is that on a traditional Linux laptop/desktop you are in fact running everything as one user.

Um. Have you ever run 'ps aux', guy? At minimum you're running everything as two users (root and your user account), and probably three to twenty more, depending on what you have installed. I know that on my desktop system

  ps axo user | sort -u | grep -v USER | wc -l

returns 12. Even back in the late 1990s/early 2000s, the default method of operation for Linux systems was to use multiple machine accounts.

> And no nearly all 100% of Linux systems do not run proper multi-user configurations because none of the most popular distributions ship like that. Not in the context of desktop usage anyway.

In addition to my commentary above, see: <https://help.ubuntu.com/stable/ubuntu-help/user-add.html.en>

Most Linux systems don't run every single program as a separate Linux user. That doesn't mean that those systems are "in fact running everything as one user".

0 comments

akdev1l9mo ago

are you linking to the fact that “useradd” exists to prove your point…?

Lmfaoooo

I’m assuming you have actually never ran a linux on your desktop. Lmaooooo.

Yeah sure init runs as root, and maybe you have background services that run as some other user.

BUT YOUR ACTUAL DESKTOP SESSION RUNS AS ONE USER. THIS INCLUDES YOUR BROWSER, YOUR PASSWORD MANAGER AND ALL YOUR OTHER SHIT!

https://paste.centos.org/view/f8e5ec76

so multi-user much secure

You know being a know-it-all only really works if you know what you are talking about.

Feel free to dig into the code of gnome-session if you don’t believe me.

simoncionOP9mo ago

> BUT YOUR ACTUAL DESKTOP SESSION RUNS AS ONE USER.

Yes, the things I personally run nearly always run under my user account. I've never said otherwise. I've also said that Android doesn't do things this way, and that that's a good thing. As I mentioned in my comment to TheDong: [0]

> [I]t's my understanding that Android does bother to fairly properly sandbox programs from each other... so an escalation to root would actually be a significant gain in access.

And my comment to you: [1]

> In this context, "single user system" means either "single human using the system", or "one human physically sat in front of the system's 'console' at one time". ... So, nearly 100% of "single user systems" of this type will have software running under different "user" accounts on the system, but still meet the definition, because those accounts are actually "machine" or "service" accounts.

And from that same comment:

> > Android security is tight

> Yep. That's what I said: "[I]t's my understanding that Android does bother to fairly properly sandbox programs from each other... so an escalation to root would actually be a significant gain in access."

Moving on.

> Yeah sure init runs as root, and maybe you have background services that run as some other user.

Correct. That's why I said:

> Most Linux systems don't run every single program as a separate Linux user. That doesn't mean that those systems are "in fact running everything as one user".

Before you succumb to another fit of rage, take a few deep breaths, review my previous comments, and notice my critique about how Android does things, as well as my commentary about how Android is also a "single-user system" (as TheDong was using the term), and how I think the term is pretty bad, but it's the one that's widely used.

[0] <https://news.ycombinator.com/item?id=44353534>

[1] <https://news.ycombinator.com/item?id=44365898>

j / k navigate · click thread line to collapse