Uup OS - Security


Uup will have a Plan 9 inspired administration scheme. There will be several administration users for different administrative tasks. Even if the system is administered by one person who uses the same password for all of the accounts, this is more secure than a single superuser, because the worst security holes are the ones that allow an intruder to gain root access. If there is no such thing as root, those threats are lessened.

User level security is another issue. Anyone who has administered a Windows 2000 network knows the nightmare that security permissions can cause. On the one hand, you want to lock your users down. On the other hand, the more you lock the user down, the harder it is for them to function. Under Win2K, getting applications installed so that the user can use them can be a real pain.

The user should be in a kind of user playpen: a safe environment in which they can work.

Users can modify everything in their home directory. System-wide applications are installed into /Applications, but should not expect to write preferences there; they should write all preferences to ~/Settings/Prefs/AppName/. The only exception is installation-dependent settings. These are the most rudimentary settings needed to run the app, and they must be correct for every user, i.e. if there is any situation where two users could want an option set different ways, it goes in ~/settings/Prefs/AppName/prefs.


~/settings/Prefs/AppName/prefs -- User-definable settings; the app should assume read-only.

~/settings/Prefs/AppName/temp -- App temp data; the app may assume read/write.

/system/settings/Prefs/AppName/ -- System-wide settings; the app should assume read-only.

User Login

Initial config settings: the workstation has a server specified for user logins. The user has a user folder location specified. Also, the user can have the option of auto-backup of the user folder.

  1. Workstation boots up.
  2. Workstation connects to local network -- merge into system.
  3. User attempts login.
  4. Uup checks the local login cache.
    Logs in the user if found.
    If not, Uup checks the User Login Server.
  5. Updates the login cache from the Login Server.
  6. Uup links /users/username to the user's actual folder if it is not local.
  7. User login completes.
This should cover the main kinds of user "types" in terms of login:
  1. Uses one workstation.
  2. Uses many workstations.
  3. Uses laptop, laptop will be used when not connected to network.
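The login sequence and the three user types above, modelled as an added example that is not part of the Uup design or of any real implementation. The login server, the hostname:path notation for a user folder, and the use of a salted PBKDF2 verifier (so that neither the server nor the local cache ever holds the password itself) are assumptions made for the example.

```python
import hashlib
import hmac
import os

def make_verifier(password: str, salt: bytes) -> bytes:
    """Slow password verifier; server and cache store this, never the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginServer:
    """Hypothetical User Login Server: holds each user's verifier and folder location."""
    def __init__(self, users):  # users: [(name, password, "host:/path/to/folder"), ...]
        self.users = {}
        for name, password, home in users:
            salt = os.urandom(16)
            self.users[name] = {"salt": salt, "verifier": make_verifier(password, salt), "home": home}

    def check(self, name, password):
        rec = self.users.get(name)
        if rec and hmac.compare_digest(make_verifier(password, rec["salt"]), rec["verifier"]):
            return dict(rec)
        return None

class Workstation:
    def __init__(self, server, hostname):
        self.server, self.hostname = server, hostname
        self.cache = {}   # step 4: name -> record copied from the server (constructed, in-memory)
        self.links = {}   # step 6: "/users/<name>" -> actual folder when it is not local

    def login(self, name, password, online=True):
        rec = self.cache.get(name)
        if rec and hmac.compare_digest(make_verifier(password, rec["salt"]), rec["verifier"]):
            source = "cache"                            # step 4: found in the local cache
            if online:                                  # step 5: refresh the entry from the server
                rec = self.server.check(name, password)
                if rec is None:                         # assumption: the server is authoritative
                    self.cache.pop(name, None)          # when reachable, so a rejected entry is purged
                    return None
                self.cache[name] = rec
        elif online:
            rec = self.server.check(name, password)     # step 4: not cached, ask the login server
            if rec is None:
                return None
            self.cache[name] = rec                      # step 5: populate the cache
            source = "server"
        else:
            return None                                 # laptop off the network with no cached entry
        host = rec["home"].split(":", 1)[0]
        if host != self.hostname:                       # step 6: link /users/<name> to a remote folder
            self.links[f"/users/{name}"] = rec["home"]
        return source                                   # step 7: login complete
```

The laptop case (type 3) is the one to watch: an entry already in the cache keeps working while the machine is off the network, so a password changed or revoked at the server only takes effect at the next online login.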

Software licensing

Licensing API -- Allows apps to check with a licensing server, so commercial apps can make sure the correct number of licences is in use.

Palmtop/Handheld security

There are three types in a security sense.

  1. Computer peripheral. (Configured to work on one workstation)
    Has its own OS, connects to the PC via a direct connection.
    Security is based on the connection to the workstation.

  2. Stand-alone. Accesses the Uup network through ClientOS gateways.
    Has its own OS, connects to the network. Document sharing through WebDAV or similar.
    Security is handled by the gateway services.

  3. Uup Client. (Login required)
    Runs UupOS, is part of Uup Domain.
    Security is handled by UupOS network.


Network Security

User Groups

In Uup, as in other systems, users are members of groups. These groups provide permissions for file access as well as Subdomain and Workstation access. In other words, Subdomains and Workstations can be limited to certain groups. By default, Subdomains and Workstations are available to all users.

By access it is meant both that the user can/can't log into a specific Workstation and that a user can/can't access that workstation's file tree over the network (If he can, he's subject to the same permissions he would have if logged in locally.)

This should allow for strong granularity and ease of administration.

Workstation level security

There should be (nearly) automatic trust relationships established between workstations and the servers that make up the domain tree. When a workstation is first set up the administrator will likely have to add it to the domain with a password. It would then have a base certificate it could use when authenticating.

During normal boot up the sequence would be:

  1. Boot
  2. DHCP
  3. Authenticate with assigned subdomain.
  4. User logs in.