[JdeBP]

I don't know. This was a very early description of how it would work that I read, a long time ago.

Thinking it through as a thought experiment, the way that I'd do it, a process with no credentials would not be able to open anything for write access and only a limited number of things for execute access, and be limited to a minimal amount of read access. One does not have to follow the POSIX model when one is introducing something so definitely outside of it as a process with no user/group IDs (perfectly fine as far as raw Hurd is concerned).

There was precedent for such ideas. On Novell Netware, MS/PC/DR-DOS clients could access only one server directory, containing the LOGIN program, until they had logged their machine on.

[Joker_vD]

Okay, so basically something like Windows's "Anonymous Logon" SID, which doesn't belong to the Authenticated Users group: it's the group that's normally associated with the default Write permissions; the Users group has only read-only access.

[JdeBP]

That sort of idea, yes.

I've just done some research and it looks like the Debin Hurd people did attempt to actually implement this. I just never heard about it. There was a 'login shell' and a 'nouser'. The latter had am empty set of IDs, and this case (optionally) switched to an extra set of rwx permission bits that existed specifically for determining 'nouser' access.

* https://groups.google.com/g/linux.debian.ports.hurd/c/2rCbPl...