alt Hacker NewsOne interesting idea, never realized that I know of, was for Hurd. The idea was that 'login' would be a simple utility program. One started a session with no user credentials, and ran 'login' as a command to add credentials to already running processes.
This was not at all how Unices worked, of course, which is likely why it never happened. On Unices it would have needed some sort of shared process credentials structure that could be augmented in place by a privileged process. On the Hurd, it would have required an extra method implemented by the auth server.
On my machines, login is not run any more. It's just a PAM client that provides a very dumb paper-compatible cooked mode terminal user interface, after all. I thought for a long time about writing a PAM client that had a better full screen TUI interface that assumed (gasp!) video terminals. So eventually I did just that.
Replies
It would be very interesting if you could accumulate privileges by stacking logins. So `login a; login b` gave you both a and b privileges. `logout a` would drop a's privileges but keep b's.
That is how Lisp Machines worked.
> One started a session with no user credentials
And what would the effective permissions be? The access to any file would be done according to the "other" permissions bits or?.. Because if yes, then that'd be an interesting way to escape user-based quotas, you know.