From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pjotr Prins Subject: Re: [RFC] A simple draft for channels Date: Fri, 19 Jan 2018 14:56:58 +0100 Message-ID: <20180119135658.GA5944@thebird.nl> References: <87bmhq6ytg.fsf@mdc-berlin.de> <87d1263qzt.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:52589) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ecXDQ-0007Hv-CO for guix-devel@gnu.org; Fri, 19 Jan 2018 09:00:21 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ecXDM-0006nH-Ee for guix-devel@gnu.org; Fri, 19 Jan 2018 09:00:20 -0500 Content-Disposition: inline In-Reply-To: <87d1263qzt.fsf@gnu.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Ludovic =?iso-8859-1?Q?Court=E8s?= Cc: guix-devel@gnu.org, Ricardo Wurmus On Fri, Jan 19, 2018 at 02:41:42PM +0100, Ludovic Court=C3=A8s wrote: > Authorizing keys is necessarily limited to root since the store is > shared among all users of the machine. I don=E2=80=99t see any way aro= und that Well, the daemon could update itself with its own privileges. How about maintaining authentication for a channel at runtime in RAM. When the daemon restarts it is lost. The channel will not be shared with other users. So every user maintains their own channels. When a channel reconnects it authenticates itself again. There really is no reason to share individual channels between users (other then their outputs). Pj.