Linux Symposium

July 13th-16th, 2010
Ottawa Westin
Ottawa, Canada

Register / Login / Submit Proposal

Presentations Keynotes Summits
Lightning Talks

Event Details Schedule
Travel & Hotel




Unprivileged login daemons in Linux

Jonathan T Beard (

Login daemons require the ability to switch to the user ID of any user who may legitimately log in. Linux provides neither a fine-grained setuid privilege which can be targeted at a particular user ID, nor the ability for one privileged task to grant another task the setuid privilege. A login service must therefore always run with the ability to switch to any user ID.

Plan 9 is a distributed operating system designed at Bell Labs to be a next generation improvement over Unix. While it is most famous for its central design principle - everything is a file - it is also known for simpler user ID handling. It provides the ability to pass a setuid capability - a token which may be used by a task owned by one user ID to switch to a particular new user ID only once - through the /dev/caphash and /dev/capuse files. Ashwin Ganti has previously implemented these files in Linux. His p9auth device driver was available for a time as a staging driver. We have modified the concepts explored in his initial driver to better match Linux user ID and groups semantics. We provide sample code for a p9auth server and a fully unprivileged login daemon. We also present a biased view of the pros and cons of the p9auth filesystem.

Gold Sponsors
Silver Sponsors
Bronze Sponsors
Wireless Networking

register | call for papers

Copyright © 2010 Linux Symposium Inc. All rights reserved.
Linux is a registered trademark of Linus Torvalds.