Date: Mon, 23 Aug 1999 18:42:50 -0400 (EDT) From: Chuck Robey <chuckr@picnic.mat.net> To: Garance A Drosihn <drosih@rpi.edu> Cc: Ville-Pertti Keinonen <will@iki.fi>, Greg Lehey <grog@lemis.com>, hackers@FreeBSD.ORG Subject: Re: Mandatory locking? Message-ID: <Pine.BSF.4.10.9908231839440.49952-100000@picnic.mat.net> In-Reply-To: <v04210102b3e751851659@[128.113.24.47]>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 23 Aug 1999, Garance A Drosihn wrote: > At 11:29 AM -0400 8/23/99, Chuck Robey wrote: > >I think mandatory locking should exist, but only be available to root. > >If a program needs this, it must run with root privs, so that ordinary > >users cannot wedge the machine, but (as usual) root can shoot himself > >in the foot (traditional Unix methodology). > > I don't think we want to force people into running their program as > root just to get mandatory locking. Perhaps there would be a program > with root-privs which would have to be run to register files which > will have mandatory locking, but the program which manipulates those > files shouldn't have to run as root. There are other ways to access the rights, such as sockets, pipes, etc. You write a server which runs as root and can lock, and the clients, running with clients privs, make service requests. If you restrict locking to root, then even if someone manages to wedge his machine, he's not doing anything that an idiot with root and the rm command can't do much worse. I think Garrett's fears are of folks unwittingly wedging machines too easily, so real mandatory locking ought to be restricted to programs that root can set up. > > > --- > Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu > Senior Systems Programmer or drosih@rpi.edu > Rensselaer Polytechnic Institute > ----------------------------+----------------------------------------------- Chuck Robey | Interests include any kind of voice or data chuckr@picnic.mat.net | communications topic, C programming, and Unix. 213 Lakeside Drive Apt T-1 | Greenbelt, MD 20770 | I run picnic and jaunt, both FreeBSD-current. (301) 220-2114 | ----------------------------+----------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.9908231839440.49952-100000>