RFC: Snappy shell

Jamie Strandboge jamie at canonical.com
Mon Jun 15 16:15:20 UTC 2015


On 06/15/2015 10:50 AM, Loïc Minier wrote:

...

> This user experience would be delivered by the main “snappy” binary when it’s
> launched as “snappy-cli” as the basename of argv[0]. If this feature is not
> enabled by default, or from a shell, you would run “snappy cli” to start an
> interactive snappy shell session. NB: cli is to avoid confusion with the
> shell command to run a command or an interactive shell.
> 
> 
> SSH integration could be done in multiple ways:
> 
>  1.
> 
>     integrate a SSH server in snappy itself; I don’t know how hard this is in go
>     today; this might be a worthwhile exercise long-term to get a smaller rootfs
> 
Please let's not do this-- ssh is absolutely critical to get right and we want
to be using an industry-standard, widely used and supported implementation (ie,
OpenSSH).

>  2.
> 
>     configure SSH server and login to always start /bin/snappy-cli instead of the
>     user’s shell, then lookup the user’s shell in the passwd database to run the
>     preferred shell with “snappy shell”
> 
>  3.
> 
>     (preferred) configure the user’s shell to /bin/snappy-cli and create a new
>     snappy-only ubuntu-core config for the preferred interactive shell (defaults
>     to /bin/bash); drawback: this would be system-wide as we don’t have per-user
>     configs
> 
We also don't have a way to add users at this time. Seems like we set up the
snappy user's shell to this and have snappy-cli as an available option in
/etc/shells so that in the future new users can use this shell?

That said, it isn't clear to me what access controls will be in place for this
shell. Will it somehow integrate with sudo? polkit? Something else? I guess this
is the 'allowed-cli-commands' you referenced earlier? It is probably wise to be
thinking about future Ubuntu Personal GUI interfaces/acls when designing these
acls. Perhaps until this is defined, require something else from the user to be
able to use it-- eg, perhaps require the user is in the admin group.

-- 
Jamie Strandboge                 http://www.ubuntu.com/
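Added example, not part of the original message and not snappy's own code: a Go sketch of the argv[0] dispatch from the proposal combined with the interim admin-group gate and an /etc/shells check on the preferred shell. The function names, the group name "admin" and the fallback behaviour are assumptions; the /etc/shells content and arguments are constructed.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

const cliPath = "/bin/snappy-cli"  // login shell path named in the thread
const defaultShell = "/bin/bash"   // default interactive shell named in the thread
const adminGroup = "admin"         // assumed name of the gating group

// parseShells returns the absolute paths listed in /etc/shells-style content.
func parseShells(content string) map[string]bool {
	shells := map[string]bool{}
	for _, line := range strings.Split(content, "\n") {
		if line = strings.TrimSpace(line); strings.HasPrefix(line, "/") {
			shells[line] = true
		}
	}
	return shells
}

// cliMode is true for an argv[0] basename of "snappy-cli" or for "snappy cli".
func cliMode(args []string) bool {
	return len(args) > 0 &&
		(filepath.Base(args[0]) == "snappy-cli" || (len(args) > 1 && args[1] == "cli"))
}

// sessionShell gates the CLI on group membership and picks the shell to start.
func sessionShell(args, groups []string, preferred string, shells map[string]bool) (string, error) {
	if !cliMode(args) {
		return "", fmt.Errorf("not a cli invocation")
	}
	for _, g := range groups {
		if g == adminGroup {
			if preferred == cliPath || !shells[preferred] {
				return defaultShell, nil // unlisted, or would re-enter snappy-cli
			}
			return preferred, nil
		}
	}
	return "", fmt.Errorf("user is not in group %q", adminGroup)
}

func main() {
	shells := parseShells("# constructed /etc/shells\n/bin/sh\n/bin/bash\n/bin/snappy-cli\n")
	fmt.Println(sessionShell([]string{"/bin/snappy-cli"}, []string{"snappy", "admin"}, "/bin/sh", shells))
}
```

Rejecting /bin/snappy-cli as the preferred shell avoids a session that re-enters itself when the login shell and the configured interactive shell point at the same binary.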
