Date: Tue, 17 Jun 1997 00:24:32 -0500 From: "Drew Derbyshire" <ahd@kew.com> To: hackers@freebsd.org Subject: granting auth to processes Message-ID: <33a61180.kew-sonata@sonata.uucp.kew.com>
next in thread | raw e-mail | index | archive | help
It's not so much the shared library vs. server which concerns me, but
levels of access granted. If every program didn't need full root access
to change the effective user, it's not as big a problem.
Consider it's the multiple levels of access needed to a set of files:
User O can create or delete file
Group A can read/write existing files
Group B can read existing file
Group C can write existing file
Others have no access
UFS does not allow this in a trivial fashion, because it has a finite
number of permission bits. Likewise I somewhat object to a model which
only has root/noroot as classes of API access, because it leads to the
wrong amount of priv granted.
--
Internet: ahd@kew.com Voice: 617-279-9810
"OSI: Same day service in a nano-second world." - Van Jacobson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?33a61180.kew-sonata>