From mboxrd@z Thu Jan 1 00:00:00 1970
To: 9fans@cse.psu.edu
Subject: Re: [9fans] capability-based design (Re: permissions idea)
From: rog@vitanuova.com
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Message-Id: <20011004191609.B7DB9199B5@mail.cse.psu.edu>
Date: Thu, 4 Oct 2001 20:28:24 +0100
Topicbox-Message-UUID: fd85271a-eac9-11e9-9e20-41e7f4b1d025

> the app must ask permission (from the OS, which
> then might ask the user) before doing anything significant to the user's
> software environment.

surely that assumes that the user wouldn't just automatically accept
any reasonable-sounding request to open a file (i know i would,
especially if i had several hundred per day).

might it not be better just to use filterfs to make sure that an
application can't see the files i want to hide from it?

you could even add an interface so that an application could request
that a certain file/filetree be made visible; that could even trigger
a request to the user if required.

capabilities (and ACLs) seem to me like they'd be a maintenance
nightmare. i can barely remember to chmod my personal files 600...

  rog.