User Rights

date: 2009-04-28

archive_section: project-beyond

tags: software

The user rights system used by nearly every Linux distribution out there isn’t fine-grained, to say the least. In fact, I’d say Windows has more fine-grained user rights options than Linux currently does. There are three types of users: users that cannot become root, users that can become root, and root. So you can either do nothing, type in your password an extra time and do whatever you want, or do whatever you want whenever you want. Not ideal.

The solution is a bit involved and roughly based on the MediaWiki access rights model, I think. Each user is given certain rights based on user profiles, pre-set or otherwise, that are in turn based on a number-based rights system and plus- or minus-codes. The number-based rights system roughly defines user access on a scale of 0 to 5.

Bots add an extra layer of protection to the system. Each system process, or group of processes, is executed by a user type called a bot. Bots are system users. They have complete access to the files and directories they are associated with, and Level 5 users can use bots to modify crucial system files. Bots are given access to their associated files and directories via plus- and minus-codes.

Plus- and minus-codes grant a specific type of access in addition to user level rights. These codes can also have levels. They should have the following syntax:

    +[code name]-[#]
    -[code name]-[#]

The level number, 0 to whatever, allows plus- and minus-codes to give fine-grained access control in addition to the general user level rights system. Some examples of plus- and minus-codes are as follows:

    +songbird
    +package_manage-3
    -konquerer
    -shared_files-0
    etc…
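
One way the plus- and minus-code syntax above could be parsed and combined with the 0 to 5 user level, as an added sketch that is not part of the original post. The post does not define how codes are evaluated, so the rules here are assumptions: a code with level N covers operation levels 0 through N, a code without a level covers every level, a matching minus-code overrides a matching plus-code, and the user level decides only when no code matches. The names `parse_code`, `covers`, `is_allowed`, `required_level` and `op_level` are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Syntax from the post: +[code name]-[#] or -[code name]-[#]; the level is optional.
CODE_RE = re.compile(r"([+-])([A-Za-z_][A-Za-z0-9_]*)(?:-(\d+))?")


class Code(NamedTuple):
    grant: bool           # True for a plus-code, False for a minus-code
    name: str
    level: Optional[int]  # None when the code carries no level


def parse_code(token: str) -> Code:
    """Parse one code, rejecting anything that does not match the syntax."""
    m = CODE_RE.fullmatch(token)
    if m is None:
        raise ValueError(f"malformed rights code: {token!r}")
    sign, name, level = m.groups()
    return Code(sign == "+", name, None if level is None else int(level))


def parse_profile(text: str) -> List[Code]:
    return [parse_code(tok) for tok in text.split()]


def covers(code: Code, name: str, op_level: int) -> bool:
    # Assumption: a levelled code covers operation levels 0..N,
    # an unlevelled code covers every level.
    return code.name == name and (code.level is None or op_level <= code.level)


def is_allowed(user_level: int, required_level: int, codes: List[Code],
               name: str, op_level: int = 0) -> bool:
    """Assumed policy: minus-code wins, then plus-code, then the 0-5 level."""
    if not 0 <= user_level <= 5:
        raise ValueError("user level must be between 0 and 5")
    matching = [c for c in codes if covers(c, name, op_level)]
    if any(not c.grant for c in matching):
        return False  # an explicit deny always wins
    if any(c.grant for c in matching):
        return True   # an explicit grant beats the general level
    return user_level >= required_level


# Constructed profile built from the post's own example codes.
PROFILE = parse_profile("+songbird +package_manage-3 -konquerer -shared_files-0")
```

Evaluating deny before grant keeps a broad plus-code from silently reopening something a profile removed, and rejecting malformed tokens outright avoids a typo being read as a different, wider right.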