From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <200007141446.KAA17766@illustrious.cnchost.com>
To: rob@plan9.bell-labs.com
To: 9fans@cse.psu.edu
Subject: Re: [9fans] allow
FROM: pip@namaste.stricca.org
Date: Fri, 14 Jul 2000 14:51:21 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="upas-mawsurwlcycbslvftcgjtvmffg"
Topicbox-Message-UUID: dd4d6d32-eac8-11e9-9e20-41e7f4b1d025

This is a multi-part message in MIME format.
--upas-mawsurwlcycbslvftcgjtvmffg
Content-Disposition: inline
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

Hi

This may seem a bit cumbersome when you initially think about it, but:

The reason 'allow' is fine on the stand-alone fileserver is because of physical security. Is it possible to provide a similar facility in the context of the general purpose system?

Maybe the use of smart cards might be a solution. At system configuration time, you config the system to recognize the bearer of a particular card as the admin. Whenever you need to admin the system, insert the smartcard, do stuff, pull it out, capability gone.

just a thought.
- pip
--upas-mawsurwlcycbslvftcgjtvmffg
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path:
Received: from cse.psu.edu (claven.cse.psu.edu [130.203.3.50])
	by hood.cnchost.com id KAA18152; Fri, 14 Jul 2000 10:29:28 -0400 (EDT)
	[ConcentricHost SMTP MX 1.15]
Errors-To:
Received: from localhost (majordom@localhost)
	by cse.psu.edu (8.8.8/8.8.8) with SMTP id KAA00551;
	Fri, 14 Jul 2000 10:29:25 -0400 (EDT)
Received: by claven.cse.psu.edu (bulk_mailer v1.5); Fri, 14 Jul 2000 10:29:23 -0400
Received: (from majordom@localhost)
	by cse.psu.edu (8.8.8/8.8.8) id KAA00251
	for 9fans-outgoing; Fri, 14 Jul 2000 10:19:02 -0400 (EDT)
X-Authentication-Warning: claven.cse.psu.edu: majordom set sender to owner-9fans using -f
Received: from plan9.cs.bell-labs.com (plan9.bell-labs.com [204.178.31.2])
	by cse.psu.edu (8.8.8/8.8.8) with SMTP id KAA00244
	for <9fans@cse.psu.edu>; Fri, 14 Jul 2000 10:18:57 -0400 (EDT)
Message-Id: <200007141418.KAA00244@cse.psu.edu>
To: 9fans@cse.psu.edu
Subject: [9fans] allow
X-UIDL: 963585007.000
From: "rob pike"
Date: Fri, 14 Jul 2000 10:18:54 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: owner-9fans@cse.psu.edu
Reply-To: 9fans@cse.psu.edu
Precedence: bulk
Status: RO

"Allow" is a wretched thing. It was put in the original file server code for bootstrapping, and only gets turned on during administrative hell. When that code was adapted to form kfs, the same necessity led to the same solution, but it is a far more dangerous, nasty, foul thing in that context. The reason is that the stand-alone file server has a true console and is not a general-purpose operating system, while kfs runs as a traditional file server on a general-purpose machine. Better ideas (short of a superuser) are welcome.

-rob
--upas-mawsurwlcycbslvftcgjtvmffg--