| ▲ | direwolf20 20 hours ago |
| Those are already unprivileged operations, but how does it start the initial process in that terminal with the correct privileges for a different user? |
|
| ▲ | charcircuit 19 hours ago | parent [-] |
| The kernel could authenticate the user before starting it. |
| |
| ▲ | direwolf20 19 hours ago | parent [-] | | How does it do that? | | |
| ▲ | charcircuit 17 hours ago | parent [-] | | There are many ways from passkeys to SAML. Though for complex methods we may want a dedicated services outside the kernel. | | |
| ▲ | direwolf20 11 hours ago | parent [-] | | How does that service get launched with the privilege to switch to any user? | | |
| ▲ | charcircuit an hour ago | parent [-] | | The kernel can start a process with any user it wants. The user doesn't have to switch during the process's life. |
|
|
|
|
