From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Wed, 1 Oct 1997 08:36:46 -0500
From: G. David Butler gdb@dbSystems.com
Subject: [9fans] The user 'none'
Topicbox-Message-UUID: 6792e3ba-eac8-11e9-9e20-41e7f4b1d025
Message-ID: <19971001133646.Whb5lbqInlSyXmoALhLuxJLlgTKTEujOXoRpnoFgPMo@z>

Someone previously mentioned that the user 'none' should be handled differently for permissions. After giving it some thought I agree.

Just think about it, anybody that can route packets to your file server can connect to it by using a Plan9 floppy and using 'none'! On a normal server, if other can read or write a file, so can 'none'! Even on old *nix I would never allow a user access to my system without some kind of password.

So the question becomes, do we remove 'none's special status (login without a password) or do we relegate him to a 4th class citizen?

The idea is that 'none' is *not* a member of the "group" other, as was suggested. None would then have to be explicitly mentioned as a member of a group to get access to any files he doesn't own. Since that is how users are granted privs to update system files (user "joe" is a member of group sys that has no group leader so he can maintain the system files and the sys files have perms 775 so other users can get to them) none has to be denied write access to all files except those that he owns.

The algorithm looks like:

    if owner and owner is allowed requested access ok else not
    if none and write access requested not
    if ingroup and group is allowed requested access ok else not
    if not none and other is allowed requested access ok else not

Comments?

David Butler
gdb@dbSystems.com
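
The check proposed in the message above, written out in C as an added example; it is not part of the original message and is not Plan 9 file server code. It assumes each "ok else not" step gives the final answer for that class of user, and the names `allowed` and `ingroup`, the users, groups and modes are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum { AREAD = 4, AWRITE = 2, AEXEC = 1 };     /* bits of one rwx triplet */
struct file  { const char *owner, *group; unsigned mode; };
struct group { const char *name; const char *members[4]; };

/* Constructed sample data, not from the original message. */
static const struct group groups[] = {
    { "sys", { "joe", NULL } },
    { "pub", { "none", "joe", NULL } },
};
static const struct file sysfile  = { "adm",  "sys",  0775 };
static const struct file pubfile  = { "adm",  "pub",  0664 };
static const struct file nonefile = { "none", "none", 0600 };

/* Hypothetical helper: 1 if user is listed as a member of grp. */
static int ingroup(const char *user, const char *grp)
{
    for (size_t i = 0; i < sizeof groups / sizeof groups[0]; i++)
        for (int j = 0; j < 4 && groups[i].members[j]; j++)
            if (!strcmp(groups[i].name, grp) && !strcmp(groups[i].members[j], user))
                return 1;
    return 0;
}

/* Returns 1 if user may perform `want` on f, else 0 (assumed reading). */
int allowed(const char *user, const struct file *f, unsigned want)
{
    int isnone = strcmp(user, "none") == 0;

    if (strcmp(user, f->owner) == 0)       /* owner: owner bits decide */
        return ((f->mode >> 6) & want) == want;
    if (isnone && (want & AWRITE))         /* none never writes files he doesn't own */
        return 0;
    if (ingroup(user, f->group))           /* explicit group membership only */
        return ((f->mode >> 3) & want) == want;
    if (!isnone)                           /* none is not a member of "other" */
        return (f->mode & want) == want;
    return 0;
}

int main(void)
{
    printf("none read  sys file: %d\n", allowed("none", &sysfile, AREAD));
    printf("none write pub file: %d\n", allowed("none", &pubfile, AWRITE));
    printf("none write own file: %d\n", allowed("none", &nonefile, AWRITE));
    return 0;
}
```

With the constructed 775 file in group sys, "joe" can write through his group and an ordinary user can read through other, while 'none' gets nothing unless a group lists him, and even then never write access.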