ReactOS security
Moderator: Moderator Team
-
- Posts: 235
- Joined: Sat Nov 27, 2004 1:06 pm
- Location: España, al sur con el solecito
- Contact:
ReactOS security
I wanna know how the security will be implemented on ROS, will it be like a unix or windows system (based on root or non-root accounts)?? or will be another way??, maybe like eros??
Re: ReactOS security
The fact is that we can't do like in *nix, because Ms never forced developers to make thier software non-root/admin proofed. The normal windows user would not understand why Ros, does not let him use all software we wants.HUMA2000 wrote:I wanna know how the security will be implemented on ROS, will it be like a unix or windows system (based on root or non-root accounts)?
I don't know eros, but maybe it can be done like this: The user is asked to enter the admin pass when a program tries to do think that the current user is not allow to (insteed of the "you don't have the rights to do that"-prompt)
Where do you want ReactOS to go today ?
Re: ReactOS security
WinNT, Win2K and XP all have different user levels similiar to *nix (at least superficially, I don't know the internals of how it worked).Dr. Fred wrote: The fact is that we can't do like in *nix, because Ms never forced developers to make thier software non-root/admin proofed. The normal windows user would not understand why Ros, does not let him use all software we wants.
I don't know eros, but maybe it can be done like this: The user is asked to enter the admin pass when a program tries to do think that the current user is not allow to (insteed of the "you don't have the rights to do that"-prompt)
On XP Home, you start off as the admin user, but then you can create new users with lower access levels. I doubt that anyone actually does this, and instead leaves all the users as admin, but the option is there.
Re: ReactOS security
There is a wiki page about this. I read it a while ago.
Yes the option is there. And there are web sides offering tricks for using windows as normal user. But I've heard that you can get carzy if you do that to long.anarcap wrote:On XP Home, you start off as the admin user, but then you can create new users with lower access levels. I doubt that anyone actually does this, and instead leaves all the users as admin, but the option is there.
Where do you want ReactOS to go today ?
Re: ReactOS security
http://mok.lvcm.com/cgi-bin/reactos/roswiki?SecurityDr. Fred wrote:There is a wiki page about this. I read it a while ago.
-
- Posts: 115
- Joined: Wed Jan 05, 2005 10:53 pm
- Location: a thousand miles from Hinterland
- Contact:
I like that. That is definately something windows lacks, and it would be very nice for ros to implement it.I don't know eros, but maybe it can be done like this: The user is asked to enter the admin pass when a program tries to do think that the current user is not allow to (insteed of the "you don't have the rights to do that"-prompt)
caveman LIKES chocolate.
we shall reinvent the wheel until it turns properly.
we shall reinvent the wheel until it turns properly.
Active Directory
I think it would be more useful as a WinNT/2000 Clone if we implemented the security Win2000 uses. So you can actually use ROS in a corporate environment, having a different security system will make it a much more difficult transitition to ROS.
We can make ROS work with WinNT security directives, and after that, implement things that can be usefull to improve its security. I can't explain well my idea in my poor english sorry.
One time that security is compatible with WinNT, ReactOS can get implemented more ways to admin its directives, alternatives. Sorry, I can't explain it well.
One time that security is compatible with WinNT, ReactOS can get implemented more ways to admin its directives, alternatives. Sorry, I can't explain it well.
Dr. Fred there is a feature like what you are talking about already in Windows (starting with 2000 I think). You can right click and there is the option to "Run As" which allows the user to enter another user name and password. (Allows normal users to run programs or installs as admin) I agree that security should be at least similar (hopefully better) to XP and 2000 just so that it is easier for people to use.
Windows also requires you to have several extra services running (and hogging memory) to allow you to use 'Run As'. ROS would (should) need to implement this more like Linux where your not constantly having to use up extra resources to be able to run something as a different user.
I don't know exactly how Linux does it, but I figure its because from the kernel up it supports multiple users, and is designed to be used by multiple users at once. Linux has the ability to set executables to a certain UID (user ID) or GID (group ID) (I think that requires support in the filesystem to set that bit, that _could_ be done in ACLs?). When a file is set UID/GID, it will be run with that user's/group's privileges. This is often used for things that must be run as root, like 'su' and 'sudo' (su stands for 'switch user', it allows you start a shell (like BASH) as that user, sudo allows certain users to be able to run certain commands as a certain user, sometimes with password authentication, sometimes its not required for that specific command).
From what I've read 'Run As' doesn't actually work all that well, if thats true, the ROS devs probably wouldn't have that hard a time to do it better.
I'm about to start a class on MS Visual C++ (which will be good for learning the Windows API, I've only done C++ in Linux), I'm also in the process of learning C so I hope I'll be able to contribute some actual code eventually.
I don't know exactly how Linux does it, but I figure its because from the kernel up it supports multiple users, and is designed to be used by multiple users at once. Linux has the ability to set executables to a certain UID (user ID) or GID (group ID) (I think that requires support in the filesystem to set that bit, that _could_ be done in ACLs?). When a file is set UID/GID, it will be run with that user's/group's privileges. This is often used for things that must be run as root, like 'su' and 'sudo' (su stands for 'switch user', it allows you start a shell (like BASH) as that user, sudo allows certain users to be able to run certain commands as a certain user, sometimes with password authentication, sometimes its not required for that specific command).
From what I've read 'Run As' doesn't actually work all that well, if thats true, the ROS devs probably wouldn't have that hard a time to do it better.
I'm about to start a class on MS Visual C++ (which will be good for learning the Windows API, I've only done C++ in Linux), I'm also in the process of learning C so I hope I'll be able to contribute some actual code eventually.
Who is online
Users browsing this forum: Bing [Bot], Yandex [Bot] and 14 guests