On Wed, 31 Jul 2019 at 13:29, Arthur Krewat wrote:

> On 7/31/2019 12:49 PM, Rodrigo G. López wrote:
> > Multics had modes per file (https://multicians.org/fjcc4.html) but i
> > don't know about the origins. the simpler approach of
> > owner/group/other is a purely Unix creation and i would bet Ken
> > Thompson is behind it all.
>
> TOPS-10 had a 3 octal digit file protection code:
>
> - - Logins are PPNs - [Project,
> Programmer] - So if I was [76,5], another user with [76,10] was in the
> same project. Much like UNIX groups.
>
> Owner Protection Codes
> 7*, 6* - You can execute, read, or change the protection code of the file.
> 5* - You have unlimited access to the file, except for renaming it.
> 4* - You have unlimited access to the file.
> 3 - You can execute, read, or change the protection code of the file.
> 2 - You have unlimited access to the file, except for renaming it.
> 1, 0 - You have unlimited access.
> * The File Daemon is called on a protection failure on this file (my
> memory is a little fuzzy on this, but I believe it allowed finer grained
> protections).
>
> Protection Codes for Fields 2 and 3
> 7 - The user cannot access the file.
> 6 - The user can only execute the file.
> 5 - The user can execute or read the file.
> 4 - The user can execute, read, or append to the file.
> 3 - The user can execute, read, append to, or update the file.
> 2 - The user can execute, read, append to, update, and write to the file.
> 1 - The user can execute, read, append to, update, write to, and rename
> the file.
> 0 - Unlimited access, including changing the protection code of the file.
>
> The name TOPS-10 was first used in 1970, but the monitor itself dates
> back to 1964. I'm not sure when these protection codes came into being,
> though.
>

Interesting; similar, though not identical to some material I captured back in the 1990s on TOPS-10 FILDAE in a discussion about Linux filesystem permission semantics...
It seemed interesting, so I added it to a web page: linuxfinances.info/info/fs.html

The claim is that there would be a fildae control file like the following:

# anything in a directory named "private" is off limits
*/private/*:*:*:*:

# people in group "foo" get full (create, delete, read, write,
# execute) access to everything in the foo project directory
~/projects/foo/*:*:foo:*:cdrwx

# people playing mygame can update the high score file
~/mygame/score.dat:*:*: ~/mygame/bin/mygame:rw

# some friends have access to the RCS files for mygame
~/mygame/src/RCS/*:dennis,kevin,josh:*: /usr/bin/ci:rw
~/mygame/src/RCS/*:dennis,kevin,josh:*: /usr/bin/co:rw

# I'll put stuff I want everyone to read in my ~/public directory
# I'll make the public directory 744, so no one will actually have
# to check .access_list, but I'll still put in this entry for completeness
~/public/*:*:*:*:r

# anything left over gets no access
*:*:*:*:

-- 
When confronted by a difficult problem, solve it by reducing it to the
question, "How would the Lone Ranger handle this?"
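
An added example, not part of the original message and not FILDAE's own code: a small evaluator for the control file quoted above. It assumes the five fields are path:users:groups:program:access, that rules are tried top to bottom, and that the first rule whose four selectors all match decides; the message gives only the file, so these semantics and the function names are assumptions.

```python
from fnmatch import fnmatchcase

# Rules copied from the control file quoted in the message (comments dropped).
CONTROL_FILE = """
*/private/*:*:*:*:
~/projects/foo/*:*:foo:*:cdrwx
~/mygame/score.dat:*:*: ~/mygame/bin/mygame:rw
~/mygame/src/RCS/*:dennis,kevin,josh:*: /usr/bin/ci:rw
~/mygame/src/RCS/*:dennis,kevin,josh:*: /usr/bin/co:rw
~/public/*:*:*:*:r
*:*:*:*:
"""

def parse_rules(text):
    """Assumed field order: path:users:groups:program:access."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 5:
            raise ValueError(f"expected 5 fields: {line!r}")
        path, users, groups, program, access = fields
        rules.append((path, set(users.split(",")), set(groups.split(",")),
                      program, set(access)))
    return rules

def _listed(candidates, allowed):
    # "*" is a wildcard; otherwise any one listed name is enough.
    return "*" in allowed or bool(set(candidates) & allowed)

def check(rules, path, user, groups, program, want):
    """Assumed semantics: the first rule whose selectors all match decides."""
    for pat, users, grps, prog, access in rules:
        if (fnmatchcase(path, pat) and _listed([user], users)
                and _listed(groups, grps) and fnmatchcase(program, prog)):
            return want in access
    return False  # no rule matched: fail closed

RULES = parse_rules(CONTROL_FILE)

if __name__ == "__main__":
    # Constructed requests: same file and user, different accessing program.
    for prog in ("~/mygame/bin/mygame", "/bin/cat"):
        print(prog, check(RULES, "~/mygame/score.dat", "alice", [], prog, "w"))
```

Under these assumptions rule order carries the policy: the "private" rule must come before the group "foo" rule, or members of foo could reach a private directory inside the project tree.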