Re: utmps: database cursor position and pututxline(3)

From: Xavier Stonestreet <xstonestreet_at_gmail.com>
Date: Mon, 12 Apr 2021 18:54:17 +0200

Thanks for sharing your thoughts - I appreciate, and learn from, your input.

Again I didn't mean to belittle or devalue your work, quite the
opposite. I'm disappointed and underwhelmed by the interface and its
usage, not by the implementation. Also referring to the s6 as an
"ecosystem" was silly, sorry. The s6 infrastructure would be more
appropriate.

On Mon, Apr 12, 2021 at 1:14 PM Laurent Bercot <ska-skaware_at_skarnet.org> wrote:
>
> I have exactly zero doubt that any attempt at designing a "modern"
> framework for user accounting would manage to do worse than utmp.
> systemd has done exactly that. Other attempts would be similar.
> People who would actually take time and energy to do this right are
> not interested in doing it, because user accounting is 1. ultimately
> user snooping, and 2. becoming useless by the day with the way Unix
> is used now.
>
> As you said, it's best to let it die - not because utmp is bad, but
> because *the concept of user accounting* is bad.
>

It's true that the old days of time-sharing and university servers
with dozens of users are long gone and in that light full user
accounting is pretty useless and privacy-invading. But the basic
feature of reliably and trustingly keeping track of which users are
connected to the system at any given time remains essential. And it
would be nice if it were done across services (e.g. mail, smb, web,
etc.), not just terminal logins, without having to run a dozen
different tools or consult a dozen different logs. Some kind of
self-hosted Kerberos, if you will, although it's not the correct
analogy since Kerberos is only concerned about authentication, but
hopefully you get the idea, with the accompanying reporting tools.
Which could be extended and upscaled to a centralized client/server
model if needed with a choice of back-ends.

I'm lamenting the sorry state of basic user administration and
security software on Linux. We have antiquated tools such as
shadow-utils, util-linux, which code is laden with legacy stuff and
burdened with hooks to linux-pam, SElinux, libaudit, utmp, and
whatnot. Then there are the services, which are more or less equally
afflicted. It looks like a big ol' mess to me.

On one side we have bare-bones embedded Linux systems powering IoT
devices which are woefully insecure, constantly hacked and
participating in botnets. On another side we have Red Hat (aka IBM)
bloated monsters. There is no "modern" middle-ground that I'm aware
of.
Received on Mon Apr 12 2021 - 16:54:17 UTC

This archive was generated by hypermail 2.3.0 : Sun May 09 2021 - 19:38:49 UTC