Sortix isn't secure for multiuser yet as of this writing -- so to be up front about it, any user can setuid(2) to root with no check.
-
Absolutely. I do need account separation to work. But the 1 user = 1 account is a bit outdated now that we run partially trusted apps.
-
Still, I'm doing the traditional thing first, it has predictable results. I'd like to explore other account models though in the future.
-
One of the thoughts I toyed with was subusers, where there's a main user that's like root to a set of subusers. Each app is a subuser then.
-
Representing that is easy enough as uids, the harder part is how it interplays with filesystem permissions and ownership.
-
My POV is precisely that containers succeeded because they cba to do multiuser. It's a low-effort, resource-wasting approach.

-
Multiuser has a huge amount of coupling & attack surface between users that's usually entirely unneeded.
-
and so the solution is to duplicate the whole environment for every service? What happened to thrifty resource usage?
-
Most such costs are artificial and by bad OS design. Also no need for per service. It's per-privilege-domain.
-
dalix when?
I'd love to see the white papers tbh.