|
|
Subscribe / Log in / New account

Does Linux support multi-user?

Does Linux support multi-user?

Posted Jul 16, 2011 20:47 UTC (Sat) by geuder (subscriber, #62854)
In reply to: Does Linux support multi-user? by kleptog
Parent article: Reactive vs. pro-active kernel security

> I don't see how this follows.

Elementary privacy.

> able to see other people's processes and see who has a home directory just isn't an issue.

Depends on what kind of service you build. For many kinds of services privacy is a must. If you offer some kind of hosted computing or thin client server, it's just not acceptable that different customers see each other. Even within 1 company you might be legally obliged to maintain 100% isolation.

> Achieving that would require far more invasive changes for,

Probably, I have not thought very well about all the open "windows" we have today.

> as far as I can see, zero benefit.

The benefit would be that you can build a multi-user system with complete isolation on a single kernel.

> If you want that kind of isolation, use VMs.

Of course that's what I have to do today because Linux is not multi-user (if strict privacy is required). But the overhead of running VMs is orders of magnitudes higher than of having the isolation inside a single kernel.

Please note that I did not say we need multi-user support.

I'm just saying:

- Multi-user support (where user is a human, not some daemon account in the system) in 2011 requires privacy
- Linux is not multi-user in that sense, it is multi-user in the sense of the 1970s or 80s
- Because the difference is not made obvious, some people write patches, which others don't accept.
- Those who don't accept the patches, don't (dare to?) say clearly that their goal is to support single user systems only.

to post comments

Does Linux support multi-user?

Posted Jul 16, 2011 21:06 UTC (Sat) by dlang (guest, #313) [Link] (1 responses)

by your definition, there never has been a multi-user operating system

you are redefining the term

Does Linux support multi-user?

Posted Jul 16, 2011 23:43 UTC (Sat) by geuder (subscriber, #62854) [Link]

> by your definition, there never has been a multi-user operating system

Could be. Requirements have changed a lot in the last 10-15 years. Privacy was not such an issue before, when computing was mainly about engineering. How many new operating systems have appeared in the last 10-15 years?

Hmm, thinking twice... As a matter of fact I'm not sure whether the NT kernel supports it. At least it has more fine-grained priviledges than Linux. No idea whether http://msdn.microsoft.com/en-us/library/bb530716%28v=vs.8... is a complete list, I thought I had seen even more when using ProcessExplorer[1] some years back. And what about SELinux or grsecurity? Haven't looked at them in detail, but at least http://grsecurity.net/ lists:

> A restriction that allows a user to only view his/her processes

Maybe your claim wasn't correct after all?

[1] http://technet.microsoft.com/en-us/sysinternals/bb896653 Great tool BTW for everybody curious about operating systems. Haven't seen an equivalent one in Linux.

Does Linux support multi-user?

Posted Jul 17, 2011 19:37 UTC (Sun) by raven667 (subscriber, #5198) [Link] (10 responses)

Just one point of fact, the cost of running VMs is not "orders of magnitude" higher than running on a single system image, it's maybe 1-5% on the high side.

There are technologies in Linux like containers and all the namespaces support that's been worked into the kernel over the years to support the kind of isolation you are talking about. It's my understanding that container based virtualization is all about running multiple isolated instances of the userspace environment on a single kernel system image.

One thing that is probably missing is some easy configuration interface to do what you want for isolating users, all the infrastructure is probably there but the tools to use it the way you want may not be.

Does Linux support multi-user?

Posted Jul 18, 2011 0:30 UTC (Mon) by mathstuf (subscriber, #69389) [Link] (2 responses)

So, if I'm reading this right, Linux now has an analogue to FreeBSD jails, but is just lacking the tools to manage them easily?

Does Linux support multi-user?

Posted Jul 18, 2011 9:45 UTC (Mon) by Klavs (guest, #10563) [Link] (1 responses)

Linux had vserver (an external patch) for many years - but finally a solution in the mainline has come about - called lxc (Linux containers) - http://lxc.teegra.net/ - it's actually pretty easy to setup IMHO

Does Linux support multi-user?

Posted Jul 18, 2011 16:45 UTC (Mon) by geuder (subscriber, #62854) [Link]

> but finally a solution in the mainline has come about - called lxc (Linux containers)

True, I forgot completely about that one. We have actually used it here in one project, but to isolate only one "untrusted guest" from the host system. Haven't thought about running tens of containers, but I could imagine that the overhead is pretty low especially compared to VMs.

But lxc would not help to get more consensus about these security "issues" this discussion started from. If the kernel were affected by some information disclosure or denial of service issues, in many cases the issue would not be limited to processes running inside the same container.

So the nice argument that within one container we can just talk about a single user system and don't worry that much about about information disclosure/denial of service/pro-active security would just not apply to many cases. No free lunch this time either :(



Does Linux support multi-user?

Posted Jul 18, 2011 16:25 UTC (Mon) by geuder (subscriber, #62854) [Link] (6 responses)

> Just one point of fact, the cost of running VMs is not "orders of magnitude" higher than running on a single system image, it's maybe 1-5% on the high side.

You mean in terms of CPU overhead, when a small number of VMs is running? I can agree. That's what I do here on my desktop all the time, because I want to run both stable versions and bleeding edge versions of different distros on the same machine.

But suppose I want to build a multi-user system. I could have e.g. 1000 accounts with some 50 of them logged in concurrently. Not an issue with a single kernel resource wise (depending on the HW of course). But running 50 VMs just to get stronger privacy??? Or even 1000??? (With the 50 VM variant I'd still need some kind of "session router", to make sure everybody logging in get a VM for his own. Doesn't sound very standard if there isn't some miracle package for this purpose out there I might have missed.) Don't see your 1-5% here, I would call it no way you do that with VMs for any reasonable price or HW.

Or maybe you can? I have seen at least one 64GB server. 1GB for every VM, you could already support more than 50 VMs without even sharing common pages or swapping. But I think the overhead on memory consumption is 10s of percents, not 1-5%. And I guess the price curve for server memory in that size is not linear. (Haven't bought anything over 4GB myself, so not sure)

Does Linux support multi-user?

Posted Jul 18, 2011 17:51 UTC (Mon) by raven667 (subscriber, #5198) [Link] (4 responses)

Actually what you are describing is currently one of the hot areas in VM systems right now, virtual desktop deployments. My guess, based on your comment about 64GB servers, is that you haven't much exposure to "Enterprise" VM systems like ESX, Xen or KVM. Just for a point of reference I dug around and looked at some ESX 4.1 VDI desktop benchmarks. The benchmark I found was for the storage system but the test harness they used had a density of 78 VMs/server (dual socket/6-core 96GB RAM, pretty average) and they could have gone higher but they wanted low latency and low memory/cpu contention. The VMs in the test were running Windows.

So your example of 50 VM hosts that there is no way you could do this isn't true, running desktop VMs at that level of density isn't even cutting edge and can be done on a modest dual-socket system, probably worth around $10-15k whereas 78 $500 desktops would be almost $40k.

In fact from a security perspective running desktops as virtual machines has some other benefits too in that may systems are run from snapshots off a central, read-only system image so infected machines can be easily and completely rolled back to a known good state.

Does Linux support multi-user?

Posted Jul 19, 2011 3:51 UTC (Tue) by dlang (guest, #313) [Link] (1 responses)

A $500 desktop system will be considerably more powerful than 1/50th of a 12 core box with 1G ram. for that matter, a $200 server will probably beat that.

remember that the users still need to have a machine with a display and keyboard.

the advantage of virtual desktops isn't hardware savings, it's centralized management/backup/etc

Does Linux support multi-user?

Posted Jul 19, 2011 16:19 UTC (Tue) by raven667 (subscriber, #5198) [Link]

Yeah it would be more powerful in aggregate but it would also mostly go to waste being idle 99% of the time.

Yes, there needs to be something at the desk to display output but you have more flexibility on quality and speed, buying cheaper machines, keeping existing old machines or even allowing users to bring their privately-owned systems to use for display only.

Yes, the centralized management is a huge win for virtualization. I also wanted to point out that it isn't cost-prohibitive as well.

Does Linux support multi-user?

Posted Jul 19, 2011 14:21 UTC (Tue) by geuder (subscriber, #62854) [Link] (1 responses)

> My guess, based on your comment about 64GB servers, is that you haven't much exposure to "Enterprise" VM systems like ESX, Xen or KVM.

True. Well, I got access to the 64GB for free already 2 years ago because it was kind of surplus for the owner organization. So I could have thought that it was no longer a high end machine.

Just checked the first Dell offer I could find and 96GB were 4000 EUR. Indeed cheaper than I thought, but still some 50 EUR per user just for RAM in such a VM installation.

But if I get your point right, you say it's getting that cheap that we can stop worrying about a single Linux being suitable for multiple users with privacy/security requirements. Just use VMs in that case.

Does Linux support multi-user?

Posted Jul 19, 2011 16:38 UTC (Tue) by raven667 (subscriber, #5198) [Link]

Yes, right now that might be the simplest way to achieve the kind of separation you are looking for for multiple users. It's totally do-able, the infrastructure is there, it's even fashionable.

Now I will point out that running multiple OS kernels in a VM environment isn't the goal, hardware memory managers support strong separation but it's just currently easier to separate jobs into different OS kernels than build and configure the same level of separation within one OS kernel. Sooner or later we will get per-process checkpointing and live migration as well as containers and namespaces such that you will have a single system image across a cluster of machines which will have better scheduling and visibility of resources.

Does Linux support multi-user?

Posted Jul 18, 2011 23:29 UTC (Mon) by njs (subscriber, #40338) [Link]

> But suppose I want to build a multi-user system. I could have e.g. 1000 accounts with some 50 of them logged in concurrently. Not an issue with a single kernel resource wise (depending on the HW of course). But running 50 VMs just to get stronger privacy???

I think you missed the part of his comment where he clarifies that he's talking about container-style virtualization (vserver/lxc), not emulated-hardware-style virtualization (kvm/xen).

You can indeed have 50 "VMs" that are all running under the same kernel, with almost no overhead versus running all the same processes in a single "VM". (The information about which VM each process belongs to is just some extra bits in the task struct in the kernel.)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds