Hacker News

Indeed, I've been having this conversation with the junior engineers on my team. UNIX was designed for the days when computers - and the operating system - were shared resources, and each individual's permissions to it had to be strictly defined and controlled. Nowadays, we have users as a vestige, and partially as a hindrance, especially where our applications in production are all single processes deployed in containers.

But anyway, it at least gives them the context on why they're working on these projects to not make containers run as root.




> strictly defined and controlled. Nowadays, we have users as a vestige, and partially as a hindrance

Not so. Multiple users make perfect sense for a household tablet or a gaming PC / console shared between siblings.

Concurrent access is rarely a thing anymore, but serial access is a very common use case.


These days if the device is expected to be ~always internet-connected (increasingly a safe bet) it probably makes more sense for both the developers and users to handle multiple users with a remote identity provider (email, individual account for the particular service, etc.) rather than implementing identity per-device. I'm pretty sure gaming consoles have had support for this for a long time (at least since Xbox 360?), and Microsoft is moving towards this model with Windows. And Microsoft Active Directory is 25 years old.

I personally find it annoying to be forced to use remote identity for devices used by me exclusively, but it makes a lot of sense for shared devices. I'm pretty sure a large portion of people sharing one kind of device would also be using other devices for the same purpose (e.g. a kid with divorced parents, a school or office or library with laptops available to be checked out, a tablet used for logistics), so they'd want their data to sync across devices. Handling identity per-device works for local-only files, but also makes it so users need to manually and deliberately configure some kind of syncing if they really do want those files to be available across devices, which to technical people is NBD, but most users aren't technical. It's also just a more secure way to manage data in a corporate setting.

Of course, not every shared device can be expected to always be connected to the internet, some people don't want to back things up remotely for a variety of reasons, and this doesn't matter as much for devices only used by one person. In practice I personally hate how much Microsoft begs and nudges you into this setup even if you're the only one using your computer. But for the majority of users in the majority of cases, remote identity is probably better than local identity, and in the absence of internet it can always fail-open to local identity.


Remote identity only works well when paired with cloud storage; otherwise, you have a recipe for confusion. It works for game consoles because the scope of what needs to be stored in the cloud per-user is reasonably limited. It is problematic for PCs because the remote identity service is free but the free tiers of OneDrive, iCloud, etc. are too limited to actually hold all of the user's data, and it's hard to clearly delineate what is or isn't synced when taking a mixed approach. Even smartphones have these problems, usually around text messages and full-resolution photos.

It's much better for users to stick with a solution that's simple enough for non-technical users to have a chance of forming an accurate mental model and have correct expectations about the availability and safety of their data. But that approach doesn't make it as easy to bundle and upsell subscription services, so that's not the usage model commercial operating systems try to promote.


No, I still prefer remote identity even ignoring "cloud" storage.

It is nice having my desktop session just be able to negotiate the permissions with my NAS seamlessly without needing to have a separate user account for the NAS. Same with accessing file shares on any of my devices.

On top of that it's also nice having that same identity work across all of my computers. When I change my password on one computer it is changed on all the computers I use. I never have to think "what was the password for this computer again?" The same account on my gaming PC is the same account on my personal laptop, my main home server, my wife's tablet when I use that, other gaming PCs at friends' houses, etc.

Personally, I really prefer using an IdP in my personal life, especially when it's pretty stupid simple to set up and use. It can make a lot of things easier.


The kind of remote identity you're describing is what you can get with something relatively simple like LDAP. Unfortunately, that's not at all like what consumer operating systems are trying to support. Using a Microsoft account or iCloud account doesn't get you the easy NAS access, but does come with lots of other baggage.


"Relatively" simple. Save for getting access at different locations where there's no VPN connectivity between. I don't think it's usually recommended to have your LDAP endpoint public. And running an LDAP host is probably beyond most users, but basic home users can easily make a Microsoft or iCloud account.

And yes, using my Microsoft Account gets me pretty easy access to my NAS. I just grant permissions to MicrosoftAccount\me@hotmail.com and I get permissions. I just set it to MicrosoftAccount\my_wife@outlook.com and it works. I just grant it to MicrosoftAccount\my_friend@gmail.com (Microsoft accounts can be tied to any email) and it works.

I don't really experience much baggage though. Running an LDAP server to do it all comes with far more baggage and management woes for a home deployment. Trust me, I did it for many years before Windows 8+ was widespread. Domain trusts to log into friend's and family's computers with my account was pretty complex to manage and maintain along with actually bothering with site to site VPN connectivity. And when that one friend manages to wipe his forest root without backups...oof.


> And yes, using my Microsoft Account gets me pretty easy access to my NAS. I just grant permissions to MicrosoftAccount\me@hotmail.com and I get permissions. I just set it to MicrosoftAccount\my_wife@outlook.com and it works. I just grant it to MicrosoftAccount\my_friend@gmail.com (Microsoft accounts can be tied to any email) and it works.

What NAS, exactly? And how does it handle non-Windows clients?

What you're describing doesn't seem to be something that eg. run of the mill Samba offers, and it's something that Microsoft seems to be changing with every major version of Windows.

> Save for getting access at different locations where there's no VPN connectivity between.

Getting access to what?


> What NAS, exactly?

A small low power x86 Windows box. Used to be an older gaming PC, swapped for a lower power CPU with integrated graphics. Runs storage for an array, VMs, containers, video transcoding, etc.

Non-Windows clients can also log in with local accounts or with that same MicrosoftAccount realm login username/password. I've used some Pi's and other Linux boxes mounted that way in the past.

But it seems like it's decently well supported in Samba to auth like this though. I'm not sure what happens when their Microsoft account password changes though.

https://forums.unraid.net/topic/117723-allow-at-sign-in-smb-...

> Getting access to what?

Getting access to the LDAP server to handle auth. If I hop on my friend's spare computer at his house, how is it going to reach out to my LDAP server at home?

Same thing when I'm hopping on my dad's computer, or if he wants to use mine when he's visiting. This way we can just use our own logins and have access to our own files, resources, settings, etc. Regardless of whatever computer we're using. If I want him to copy his recent trip photos to the archive when he comes over he can drag and drop them into the network share on the NAS with his own credentials on his own computer, as I've granted his Microsoft account access to write to the family photos. He doesn't need to remember his password to my NAS, his desktop login is his auth. Same when I'm at a friend's house and on his computer. I just want to pull some big file off my laptop over the network, I can just open up my shares on my laptop and grab whatever. I don't need a separate login to manage.

There's so much stuff that's just so smooth and seamless using an external, managed, widely shared IdP to handle identity management. Some negatives and risks, no doubt. But to me, it's a worthwhile trade off given how easy it makes these kinds of workflows I encounter daily.


> It is problematic for PCs because the remote identity service is free but the free tiers of OneDrive, iCloud, etc. are too limited to actually hold all of the user's data

Not just that but bandwidth constraints as well. Especially upload bandwidth. I might have 1Gb/s down but I have only like 40Mb/s up.

Even if I could make the device file system sparse and pull what it needs on demand, that stuff still needs to get uploaded initially. And on many internet connections, depending on the user content, it could be a while before the whole thing makes it into the cloud.



