I think we're talking at cross purposes here. I was talking only about whether all users start off with the same configuration (including search path) or whether there is a sensible way to have different users start off with different configurations. I can think of various ways to address that, but I didn't mention any specifics. There was a follow-up post by Steve O'Hara where he mentions that some Unices have a notion of "login classes" that could be used.
You seem to be talking about what's available in the way of controlling who has access to which files. The mention of 9 bits makes me think that TOPS-10, like traditional Unix, had a fairly simple scheme. Sometimes this is enough, sometimes it's not; when it's not .... Yes. The work you describe JMF doing sounds like an approach to providing something more complex/flexible.
Translation problems again?
I think I must not understand what you mean by "a system disk area"? and "the computer systems' system disk area"? (and you did mean to put the apostrophe after "systems", right? meaning a disk area common to multiple systems?)
The distinction I'm trying to make here is between (1) files that are in some sense part of the infrastructure available to all users of the system -- the operating system itself and any additional software that's supposed to be available to all users -- and (2) files that are not part of this infrastructure, but are owned by a non-administrator user.
Now that I think about it, though, in some ways it's a distinction without a difference, since in all cases I can think of, a file's owner can decide what access other users have to it, including whether others can modify the file. The only real distinction might be between whether the files are owned by the superuser (category (1)) or another user (category (2)), but even there it's not a clear distinction, as sometimes system software is set up to be owned by some user other than the superuser (often a sort of bogus username, e.g., "mail" or "news", set up specifically so that something can be owned by someone other than the superuser).
Normally files in category (1) are found in fairly well-specified parts of the filesystem hierarchy (directories /bin, /usr/bin, etc.), while files in category (2) are found in other parts of the hierarchy (users' "home directories").
I don't know how, or whether, this maps onto the "system disk area" you mention.
No, of course not. (At first I thought you might have meant "is the only user of the system who *can* access these files", but that doesn't make sense to me either.)
This is not about read/execute access to files. There could easily be files owned by a user who no longer has access to the system, and those files could be accessible to other users for reading and executing.
However, the owner of the files might have set them up so that only he/she could modify them.
Setting aside the question of what should happen when no one needs these files any more (and the disk space they occupy should be reclaimed) ....
What should happen if the files make up some installed software package for which upgrades periodically become available? Should the upgrades be installed? How can this happen when the only person permitted to modify the files is gone? Wouldn't it make sense to transfer ownership of the files to some other user, one who will take on responsibility for doing any upgrades, and for deleting the files if/when they're not needed?
I think I don't understand what you mean by "PCitis". I assumed you meant a single-user-system view of how computing is done -- no real awareness that there's such a thing as a system used by several people at the same time, no understanding of why it's useful to make a distinction between regular user and administrator, etc., etc. However, this whole debate seems to involve multiple users, which don't exist in the world I thought you meant by "PCitis", so ....
The "mess" is that the left-behind files no longer have an owner. If there is never a need to change these files, that might not be a problem, unless/until they are no longer in use by anyone. If there is a need to change them .... ? For example, consider files used by mailing-list software. Somewhere there are files that only the "moderator(s)" of the list should be able to modify. If there's a single moderator, and that person leaves, shouldn't there be a way for this role (and the accompanying write access to files) to be transferred to someone else?
It would surprise me to hear that an ISP would have no mechanism for doing something with files owned by former customers. "Doing something with" doesn't necessarily mean "deleting"; it might mean "transferring ownership to another customer". I suppose it's possible that if they have a *LOT* of disk space, and a fairly stable customer base, it might make sense for them not to worry about files that are no longer accessible to anyone, but it seems to me that even then one would want a way to periodically purge the system ....
Maybe it's PCitis to think that disk space is a finite resource. Maybe ISPs who start to get close to running out of disk space just buy another disk and hook it into a system designed to make that easy. Is that what you're thinking?
Are you thinking here of things like "banks don't have access to their customers' safety-deposit boxes"? because there too, I would think that there has to be a mechanism for access if the customer is no longer available. The policy might be that the bank doesn't snoop, and that would be a good policy, but there has to be a way to get into the customers' stuff if he/she is no longer available. What am I not getting here?
Well, I didn't say that clearly ....
I interpret "only the sysadmin can fiddle in those places where system-wide stuff is expected to reside" to mean that only the sysadmin should be able to *CHANGE* files that make up part of the infrastructure used by everyone.
So, "system-wide stuff" is normally readable/executable by all users, but modifiable only by its owner (normally the superuser, but could be another user). How is this a bad design?
Other files, owned by non-sysadmin users, can also be readable/executable by all users, but modifiable only by their owners.
What I think you're objecting to is the idea that *all* files are ultimately modifiable by the sysadmin. I would claim that this also is a sensible design, though a sensible sysadmin would as a matter of policy not mess with other users' files without their permission.
Also, having access to bits might or might not imply having access to the information they encode. Encryption would seem to me to offer an additional level of defense against snooping, even by sysadmins. (Admittedly a determined sysadmin could still snoop by attempting to crack the encryption scheme.)
-- B. L. Massingill
ObDisclaimer: I don't speak for my employers; they return the favor.
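An added illustration, not part of the original post: on a traditional Unix system the left-behind files discussed above appear as files whose numeric owner UID no longer maps to an account, and the mode bits show whether anyone other than the superuser can still change them. The function names and the sample tree are constructed for this example; an empty account set is used to simulate a departed owner.

```python
import os
import pwd
import stat
import tempfile

def account_uids():
    """UIDs that currently map to an account in the passwd database."""
    return {entry.pw_uid for entry in pwd.getpwall()}

def classify(mode):
    """Who can still modify the file once its owner is gone."""
    if mode & stat.S_IWOTH:
        return "world-writable"
    if mode & stat.S_IWGRP:
        return "group-writable"
    return "owner-only"  # only the superuser can change or reassign it now

def find_orphans(root, known_uids=None):
    """Walk root and report entries whose owner UID has no account."""
    known = account_uids() if known_uids is None else known_uids
    report = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if st.st_uid in known or stat.S_ISLNK(st.st_mode):
                continue
            report.append({
                "path": os.path.relpath(path, root),
                "uid": st.st_uid,
                "write": classify(st.st_mode),
                "others_can_use": bool(st.st_mode & (stat.S_IROTH | stat.S_IXOTH)),
            })
    return sorted(report, key=lambda row: row["path"])

def demo(known_uids=frozenset()):
    """Constructed sample tree with four files of differing modes."""
    samples = {"tool.sh": 0o755, "moderators.list": 0o644,
               "shared.txt": 0o666, "private": 0o600}
    with tempfile.TemporaryDirectory() as root:
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # chmod is not affected by the umask
        return find_orphans(root, known_uids)

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Rows marked "owner-only" with `others_can_use` true are the case raised in the post: still usable by everyone, but with nobody left who can upgrade or delete them until ownership is transferred.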