I have been thinking for a while now about ways to implement multi-user support under Haiku - but the more I thought about it, the more I realized something:
We have come full circle. Haiku is a desktop operating system for personal computers. Since the computer is personal, why not abandon multi-user support entirely?
Now, stay with me here since this is where it gets interesting…
Instead of multi-user support on a single machine, what I would love to see and maybe even help design is the following scenario:
Windows is very successful in the enterprise in part due to its integrated Active Directory services. Why not create something similar for Haiku for the multi-user scenario?
Haiku would have a “system password” which is set at install time and is used for confirming local software package installation (depending on how that is done), access to system files, etc.
When booting the system, ZeroConf checks for “domain controllers” - basically LDAP directories referencing shared home folders (NFS or something better?). If more than one domain is found, either present the user with a list or force it to be set by “holding alt to make the system password box visible and entering the system password”.
The user then logs in and authenticates against the directory service (running on a unix box - remember Haiku is a desktop focused OS) and the user home directory is mounted.
The end goal would be to enable remote administration of users, groups, permissions etc (using an application within Haiku) of the LDAP resource in a simple manner for adding users, groups, etc.
Although “Haiku is Not Linux”, one of the problems for business desktop use is ease of LDAP / PAM / Kerberos / NFS setup. Maybe we can make something more fixed for Haiku along those lines.
…Probably not for R1
I like the idea in general - but I think Haiku should support multiple local users too.
I wonder if it could be possible to build something where the home directory is mounted from a network but also mirrored locally and then intelligently synced. Kind of like distributed version control for the whole filesystem. It would be great to have the advantages of a network home directory but without the delays (the syncing could happen more slowly in the background) and it would also be brilliant to be able to just unplug from the network and carry on as though nothing has happened. The only issue would be if you then login from another box and have two diverging home directories to merge somehow.
Well, just to enlighten a few about the possibilities of MIT Kerberos: it is basically a ticket-based authentication system, which can be quite nice, but I see it getting in the way in non-business/edu environments. Basically you have a password to get a ticket that allows you to get tickets from other various ticket servers (as many as needed, i.e. printing ticket, network access ticket, software license tickets and so on…).
My college uses Kerberos extensively and it makes it very convenient to have single login access to all services that I am allowed to use. For instance, if there is some Solaris box named sol.uncc.edu, I merely ssh sol.uncc.edu and I am immediately logged in, no further authentication required, as I have already authenticated my Kerberos session when initially logging in. Do note, however, that most applications must be kerberized to support the ticket-based authentication; many software packages already have support though.
A network filesystem that might be of use is AFS; my college also uses this extensively for roaming profiles, so that I have my customised desktop wherever I log in on the mosaic network. AFS could indeed be of use to implement roaming preferences in Haiku that would be accessible from any Haiku computer you log in to that is connected to the internet.
I actually won the NC space grant for a similar idea (roaming profile), although it wasn’t network based, it was more like roaming profile on sneakernet, so I think such a thing is highly desirable, especially so for Haiku as it is a desktop operating system and people like to have their preferences set up as they like wherever they go.
I don’t know… The Windows method is merely an authorization to do a specific task, e.g. run a program, while logging in as root is actually “becoming someone else”, rule-wise. Under Windows, the administrator authentication just allows you to do more, but the system where you do it is exactly the same - while user root could have some completely different settings, see /sbin and /usr/sbin, plus (on the other hand) some programs don’t run at all when being root. And by the way, I really wish I could install & run programs as a normal user under Windows, thus being sure that these programs don’t get a chance to tamper with the system at all.
This may be nothing but an unjustified (but biased) feeling. For me, Linux > Windows by far. I (must) use Windows at work, but I’m glad that I don’t have to use it at home at all.
Then again, Windows is THE target for all malware. Others are quite ignored. So if not done worse than MS did, using Haiku instead of Windows would mean a security boost to 99.99% (from the 1-20% that Windows offers, depending on the Windows version) alone.
Just my thoughts.
I also primarily use Linux and I agree with you to an extent - although I don’t think this necessarily introduces the same security problems since we don’t have to do it the same way exactly. OpenAFS could work well for loading user profiles from a server. I know this sounds kind of Windows centric but I do prefer using Linux/Unix systems. Bear in mind also, Haiku is for the desktop.
I’m afraid that I haven’t followed all of this, but it all sounds rather complicated to me. How about keeping the whole thing really simple, and having files and settings kept in password-encrypted directories? The user then would just type in the password for his directory, and in that there would be a folder for settings with a program that automatically loads them, and a home folder. Or, this could be automated in a login box at bootup. Then, we would have the best of both worlds. The user chooses or types his username, and enters a password. Then, without the fuss of multiple accounts, Haiku could simply unlock a directory and maybe emulate its contents as the home directory, and load the settings. There is no ‘user account’ as such, keeping the design simple, yet the functionality of a multi-user system exists.
I totally agree with that.
I am just an advanced computer user. I have used all kinds of computers before. Unless it is for a huge organization, you don’t need a computer system with multiuser.
I worked for a big research collaboration; there were more than 800 Ph.D.s. I found that only when I took something from the servers did we need multiuser; in other situations, everyone has their own computer. Basically all the sensitive information should be in the database. For a PC, why bother with a password?
Now I am working for a hospital, and all the computers have the same user name and password. Everyone can access every computer. All the information about patients or about your activities is recorded in the database. You only type a password for your activity, not for the computer. So if you are in the real world, you really have little chance for multiuser.
Hospitals, offices and colleges have all been notorious for having bad security; just because someone else does it doesn’t mean it is good.
Encrypting the settings or the whole user directory is bad because it slows everything down.
All having the same password is also bad, since once you hack one you have them all.
Security should never be a facade; it should either be there or not, no joking around. Encrypting your files doesn’t mean that someone can’t copy them off and decrypt them later (GPUs, FPGA etc… make decryption fast in many cases). It would be better for them to never be able to access your files to copy them, which inherently means real multiuser.
And for the paranoid, why not have both as options? In any case, if Haiku gets multiuser, and I am pretty sure it will since other features need it, I am sure the Haiku devs will do an excellent job.
Also, if you don’t have real multiuser and you are on a network, if someone gets into your computer and you were using the encrypted user directory method, what would prevent the hacker from reading your settings and even encryption password from RAM?
There is always a gap between reality and theory. I don’t object to multiuser but I just don’t think it is really useful. Windows and Linux provide multiuser. But I, like many others, just use one privileged account, for it is my computer.
So don’t I have the basic knowledge of computer security? Yes, I have. But the gain in security compromises a lot of convenience. Let me tell you something horrible: most of the computer systems in the medical field from the same vendor will share the same user name and password in the whole world. So you know, it is not for one hospital, it is for the WHOLE world. Do we really lose patient information every day? Maybe. But all the computers are behind the network, behind the firewall. Some guy first needs to break the firewall. If he breaks the firewall, he will find something more valuable for them. I also don’t think it is a good practice to use the same password and user name for the whole world. But people are lazy. It is the reality. So you couldn’t expect people to do this.
I just read news, 64% windows security from the administrator http://www.osnews.com/story/23088/64_of_MS_Vulnerabilities_Mitigated_by_Removing_Admin_Rights
So it is multiuser; I would like to know which account you use in your Windows. Do you log in as an admin?
I think security needs a revolutionary change, depending not on human beings but on other mechanics. Maybe someday we can use our fingerprint as a password.
I use Windows as a dialup internet crutch at home so it doesn’t matter what I log in as. My account does happen to be admin but none of the other people that use it are admin… I mean, I am using ICS to Linux right now lol.
A hospital near where I live threw out a computer with patients’ records on it, no password, just threw it out… amazing, isn’t it.
Is entering a single password at login THAT difficult? There are millions of Facebook users that know practically nothing about computers but they can enter their login just fine! I don’t care how lazy hospital or college admins are, I just think that a sane password protection scheme should be available to people who want it.
People do know how to enter passwords, this is a fact, and they do not know how to use password managers, this too is a fact lol, because when they delete their history and have to reenter their password it confuses them, and they just always enter it so they don’t get lazy and forget their pass.
Single user doesn’t mean we don’t need a password.
By the way, your story is even more horrible than mine. Throwing out the computer with patient information was against the law. The hospital here, where they use the same password, has an excuse. But simply disposing of patient information like this is unimaginable. You should contact the patients and suggest their lawyers sue the hospital.
I really like the idea of multiple log ons to the same computer screen. I don’t currently have much use for such a situation but it could be interesting. For example, you could register different keyboards/mice to different users and then have shared applications as well as individual applications. Also, you could implement a change user function in the tab, which would give control to that user or (if they aren’t logged on) when the user logs on, they would be told that they have received an application from so-and-so and ask them if they would like to open it. You could even go further and implement an over the network version of this, so you could send friends and family programs or documents without having to worry about installation or compatibility.
This idea sounds great - now I won’t have to worry about being the user and the administrator.
A single user OS like that would unnecessarily restrict its number of users. Lots of people share computers and have a need to keep their stuff neatly separated from others’ stuff on the same disk.
Your idea is great for phones and tablets, and for desktops that are used in places where thin clients would likely work well too. But the shared single desktop computer still exists too and probably won’t ever go away.
That said, there is no need to make Haiku work the same as existing multiuser OSes. How about allowing multiple users to log in using the same screen? Just give windows belonging to different users different tab colors, and make sure users can give files/data to each other but not take without permission.
Allowing multiple keyboards and mice would then of course be a good idea too, and allowing a remote user to join… But those are nice extras.
This idea even makes sense on a system that is used by only one person. For example I’d love to be able to talk in an instant messenger to someone I owe money and at the same time do internet banking, and be absolutely 100% sure that no data can flow from my banking to whoever might be exploiting a security hole in the instant messenger. It’s not enough for the processes to be separated in RAM - there’s stuff like the browser cache and cookies on disk…
I know, security is difficult and people are just too lazy and stupid for it. But giving up is not the right solution. Making security easy is.
For an over the network version where you could send apps to people who are offline, you’d need to make sure your own computer is still on and connected when they log in. Either that or you need a way to archive the state of a program and send it to another computer, which would be VERY difficult if they have different processor architectures.
Here’s another way a shared screen could be useful even without the network functionality:
mom: Where did you put those photos?
pop: Oops, sorry, those are in my account. Let me give them to you. logs in and drag’n’drops the photos mom points at
Compare that to how current multiuser OSes work:
mom: Where did you put those photos?
pop: Oops, sorry, those are in my account. Let me give them to you. switches user
pop: Which ones exactly did you need?
mom: Ummm… It’s in that email… switches user
pop: switches user OK, here they are. I’ll just email… wait no, I’ll put them on this USB… no wait we have a shared folder… Oh my there is a lot of old junk in this shared folder…
mom: Stop playing with the computer and give me those photos!
pop: Okay okay. drag’n’drops photos to shared folder logs off
mom: You forgot that one photo.
Ah, I forgot about architecture problems. I suppose that would require both computers to be on, at least if you’re sending to a different architecture. But if both computers are the same type, I think it would be nice to have a feature that saves the state of the program and sends it and the files to the other computer, where the other user can open it and continue right where you left off. This could be especially useful for group projects; if we go even further we could even make it so two people can work on a file at once (with changes showing up in red or bold or something.)
What would be nice is an api (that can be disabled and would require a very long ID number and/or pre-authenticating a device for this feature) to remotely give another user access to your files (not system files though.) That way I could allow someone temporary access to a file; even if I’m not present. Like the networked program idea, this too would be difficult and would probably be impossible to make it secure.
In your example, it may also be possible to open to the folder and then just pass control to the other user. Then when the window is closed, or the other user navigates away they lose permission to be in that folder. Regardless, I do think that this is an interesting prospect, even without the network capability (and the fact that I don’t share my computer.)
You can already get this functionality with text editing, with 3D editing, and with some painting/ drawing tools. Probably other applications too. The most famous example might be SubEthaEdit on OS X.
I am in favor of remaining single user, however I would like to see support for a single user to be able to access the resources of many computers from a single desktop.
Say I live in a household with five computers, each with their own user. If I am doing something on my system that maxes out some resource on the system, be it the CPU, storage, or the internet connection, it should, transparently to me, tap the other four systems in my household as needed.
You can already get this functionality with text editing, with 3D editing, and with some painting/ drawing tools. Probably other applications too. The most famous example might be SubEthaEdit on OS X.
I didn’t know that. Which is why it should be integrated into the API. If it is made an official part of the OS then more people will know about it and thus be able to use its functions.
Single user is just fine…