From: Ricardo Wurmus
Subject: Re: [RFC] A simple draft for channels
Date: Tue, 23 Jan 2018 07:38:46 +0100
Message-ID: <87vaftyt8v.fsf@elephly.net>
References: <87bmhq6ytg.fsf@mdc-berlin.de> <87d1263qzt.fsf@gnu.org> <20180119135658.GA5944@thebird.nl>
In-reply-to: <20180119135658.GA5944@thebird.nl>
To: Pjotr Prins
Cc: guix-devel@gnu.org, Ricardo Wurmus

Hi Pjotr,

> On Fri, Jan 19, 2018 at 02:41:42PM +0100, Ludovic Courtès wrote:
>> Authorizing keys is necessarily limited to root since the store is
>> shared among all users of the machine.  I don’t see any way around that
>
> Well, the daemon could update itself with its own privileges.

I think Ludo’s point is that this is a security issue, not a technical
limitation.

> How
> about maintaining authentication for a channel at runtime in RAM. When
> the daemon restarts it is lost. The channel will not be shared with
> other users. So every user maintains their own channels. When a
> channel reconnects it authenticates itself again.

It all ends up in the store though and is thus available to everybody.

> There really is no reason to share individual channels between users
> (other than their outputs).

Yes, channel configuration and state is kept in the user’s home
directory.  But authorization for downloading and installing substitutes
in /gnu/store currently still falls to root.

--
Ricardo

GPG: BCA6 89B6 3655 3801 C3C6 2150 197A 5888 235F ACAC
https://elephly.net