Aucbvax.4557 fa.unix-wizards utzoo!decvax!ucbvax!unix-wizards Tue Oct 20 05:18:39 1981 Re: group id's and UNIX protection >From ihnss!cbosg!cbosgd!mark@Berkeley Tue Oct 20 04:49:28 1981 I see at least two problems with Walton's proposal. First, if you are using UID's only for accounting and GID's for personal file security, then each user has to have his own group. Adding in real groups, there have to be more groups than users. This eliminates the obvious implementation, namely having 32 groups, one bit per group in a GID word. You would have to allow at least 2048 groups, probably 4096. That's .5K of memory added to each user structure. The alternative, keeping a list, is ugly and probably inefficient. Second, it doesn't solve the problem of source file protection. A typical system that has read its Bell License and wants to live up to it finds itself in the following boat: there is one class of users who is always working on programs in /usr/src and needs write permission in that directory and its subdirectories all the time. There is another class of users who needs read permission but whom you don't want to give write permission. Then there are the run of the mill users (especially uucp) that aren't allowed any access to the sources at all because they might steal them and violate the license. This second problem can be solved neatly, however, by noting that current files have UID and GID protection fields. Since UID's aren't used for security any more, you throw out this field. Or do you? Why not just make it a second GID field? Then you would have two gid fields, call them primary and secondary - you try the primary and if that doesn't match any current GID you try the secondary. Primary might have more priveledges, such as write permission. ----------------------------------------------------------------- gopher://quux.org/ conversion by John Goerzen of http://communication.ucsd.edu/A-News/ This Usenet Oldnews Archive article may be copied and distributed freely, provided: 1. There is no money collected for the text(s) of the articles. 2. The following notice remains appended to each copy: The Usenet Oldnews Archive: Compilation Copyright (C) 1981, 1996 Bruce Jones, Henry Spencer, David Wiseman.