* [9fans] The user 'none'
@ 1997-10-01 14:25 rsc
0 siblings, 0 replies; 3+ messages in thread
From: rsc @ 1997-10-01 14:25 UTC (permalink / raw)
none has to be able to read a lot of files.
your algorithm doesn't (i don't think) handle
things like stuff up for ftp in /usr/none, which
is most likely owned by others.
none also has to be able to read the kernels from
/$objtype directories so that tftp can serve them.
i don't see how none ever gets access to files
it doesn't own.
russ
^ permalink raw reply [flat|nested] 3+ messages in thread
* [9fans] The user 'none'
@ 1997-10-01 15:33 G.David
0 siblings, 0 replies; 3+ messages in thread
From: G.David @ 1997-10-01 15:33 UTC (permalink / raw)
Russ from rsc@plan9.bell-labs.com suggested a different
algorithm. Instead of:
...
if none and write access requested
not
if ingroup and group is allowed requested access
ok
else
not
...
Try
...
if ingroup
if not none and group is allowed requested access OR
if none and *other* is allowed requested access
ok
else
not
...
This says that if none is a member of a group and that group
has allowed others access, than none gets access too.
Better?
David Butler
gdb@dbSystems.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* [9fans] The user 'none'
@ 1997-10-01 13:36 G.David
0 siblings, 0 replies; 3+ messages in thread
From: G.David @ 1997-10-01 13:36 UTC (permalink / raw)
Someone previously mentioned that the user 'none' should
be handled differently for permissions. After giving it
some thought I agree.
Just think about it, anybody that can route packets to your
file server can connect to it by using a Plan9 floppy and
using 'none'! On a normal server, if other can read or write
a file, so can 'none'! Even on old *nix I would never allow
a user access to my system without some kind of password.
So the question becomes, do we remove 'none's special status
(login without a password) or do we religate him to a 4th class
citizen. The idea is that 'none' is *not* a member of the
"group" other, as was suggested.
None would then have to be explicitly mentioned as a member of
a group to get access to any files he doesn't own. Since that
is how users are granted privs to update system files (user
"joe" is a member of group sys that has no group leader so he
can maintain the system files and the sys files have perms 775
so other users can get to them) none has to be denied write
access to all files except those that he owns.
The algorithm looks like:
if owner and owner is allowed requested access
ok
else
not
if none and write access requested
not
if ingroup and group is allowed requested access
ok
else
not
if not none and other is allowed requested access
ok
else
not
Comments?
David Butler
gdb@dbSystems.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~1997-10-01 15:33 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
1997-10-01 14:25 [9fans] The user 'none' rsc
-- strict thread matches above, loose matches on Subject: below --
1997-10-01 15:33 G.David
1997-10-01 13:36 G.David
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).