Manuals/authrights

From Minux Wiki

This manual explains user rights on a computer networked with AUTH.

The first part covers users and groups, the second part system ownership; examples are at the bottom.


users and groups

Users have a username and password; this is how individuals are identified. Each person should have one user: while you could share a user, there is no reason to do so.

Users can have rights assigned to them by an admin, or by being an admin themselves. When the auth server checks whether a user is granted access, it is the username that matters most.


Groups are groups of users. Rights can be assigned to an entire group, and the group can be altered by its creator at any time. Multiple systems can make use of the same group, which makes controlling access for whole groups of users across multiple computers much easier.


System ownership:

A networked system can run in two modes: "unowned" (public) systems and "owned" systems.


public - no owner - default setting

On a public system only network admins count as administrators and all other users are regular users; this is rather straightforward.

Linked software behaves the same way, since it logs in with the requesting user's credentials.

Nothing needs to be configured in this mode: any valid user can log in and perform user operations, and network administrators count as system admins.


owned systems - claiming computers

On an owned system, the user that registered the system counts as an admin: they can install/remove software and do other local administrative tasks, because they own this system. They can also (optionally!) whitelist a group of users, which grants members of that group user access to this computer. Any other user is denied access to this system.

The networked "door" program uses these same rights to check the user requesting to open its door. So on an owned computer a whitelisted friend (group member) can open the door while a random user can't, and on a public computer all users can open the door. In short: if you can log in on the terminal, you can open the door.


To claim a computer, run the following command, replacing computername with the name of the system and optionally adding a group to be whitelisted as users:

"auth-client setowner computername groupname"

The user who is logged in is now owner/admin and can perform admin tasks; network administrators still can as well.

If a group was provided, members of that group gain user access.


examples:

The system called "frontdoor" is not owned. Who is admin and who can log in/open the door?

Network admin users can log in as admin, no one else.

Network users can log in as users.

The system called "bedroomdoor" is owned by the user called dave, and dave did not whitelist a group. Who is admin and who can log in/open the door?

Network admin users can log in as admin; dave can log in as local admin to do tasks on this particular computer.

No one else can log in at all.


Example2:

The system called "officecomputer" is owned by the user called dave, and dave whitelisted his friends in the group called randos.

jacob and silvia are members of randos. Who is admin and who can log in/open the door?

Network admin users can log in as admin; dave can log in as local admin.

jacob and silvia can log in as users.

No one else can log in at all.
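As an added example (not code from the AUTH software or this wiki), the following Python models the access rules described above and reproduces the three examples. The directory of users, groups and systems is constructed for illustration; the network admin "netadmin" and the outsider "mallory" are made-up names.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class System:
    """A networked computer. owner=None means an unowned (public) system."""
    name: str
    owner: Optional[str] = None
    whitelist_group: Optional[str] = None  # optional group granting user access


@dataclass
class Directory:
    """What the auth server knows: valid usernames, network admins, groups."""
    users: Set[str]
    network_admins: Set[str]
    groups: Dict[str, Set[str]]  # group name -> member usernames


def access_level(directory: Directory, system: System, username: str) -> str:
    """Return 'admin', 'user' or 'denied' for username on system."""
    if username not in directory.users:
        return "denied"                  # unknown username: never granted
    if username in directory.network_admins:
        return "admin"                   # network admins are admins everywhere
    if system.owner is None:
        return "user"                    # public system: any valid user
    if username == system.owner:
        return "admin"                   # owner is local admin on their system
    if system.whitelist_group is not None:
        if username in directory.groups.get(system.whitelist_group, set()):
            return "user"                # whitelisted group member
    return "denied"                      # owned system: everyone else is denied


def can_open_door(directory: Directory, system: System, username: str) -> bool:
    """The door program uses the same check: can log in -> can open the door."""
    return access_level(directory, system, username) != "denied"


# Constructed directory matching the wiki's examples (netadmin, mallory are made up).
DIRECTORY = Directory(
    users={"netadmin", "dave", "jacob", "silvia", "mallory"},
    network_admins={"netadmin"},
    groups={"randos": {"jacob", "silvia"}},
)
FRONTDOOR = System("frontdoor")                                   # public
BEDROOMDOOR = System("bedroomdoor", owner="dave")                 # owned, no group
OFFICECOMPUTER = System("officecomputer", owner="dave", whitelist_group="randos")
```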


Note: because any unowned computer can be claimed by any user, it is highly advised NOT to run a computer with an open shell or default software to operate devices in plain sight. E.g. a door with public access could get "stolen" if someone can get behind its keyboard, so make sure the computer is safe from physical access.

It was either this or not being able to claim any computer at all for regular users...