From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID:
From: "Russ Cox"
To: 9fans@cse.psu.edu
Subject: Re: [9fans] fs administration: how do people update multi-user fs?
In-Reply-To: <200302141502.h1EF2sr12679@zamenhof.cs.utwente.nl>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Date: Fri, 14 Feb 2003 10:16:47 -0500
Topicbox-Message-UUID: 5efeb992-eacb-11e9-9e20-41e7f4b1d025

I removed the -u flag from /dist/replica/network and just run as me. Since I'm in group sys I have permissions enough to do a pull. There's no need for allowing.

This mirrors the way the Plan 9 file server at Bell Labs runs. We don't "su to root" or anything like that to install new binaries; we do it as ourselves, and make sure our accounts have the right permissions. Some people who were more wary of having such permissions all the time have maintained two accounts, e.g. glenda and glendasys, switching to glendasys to do administrative work. That's still a far cry from root.

(Doing the software packaging I became painfully aware of how bad Unix is in this regard. It was impossible to test my installations without su'ing to root. You'd think that some Unix would take the hint and use group permissions so that you didn't have to be root to install potentially untrusted pieces of software that come with custom build scripts.)

Allow is useful to get started, and I made it the default in the pull scripts for kfs because kfs is usually a single-user system and allowing solved the problem of remembering to be in group sys, but in general I think it's a bigger hammer than you need. If you're running your own file server, then I have no problem with forcing you to figure out group sys.

A few people have proposed a per-uid allow or a per-connection allow for the purposes of updating, but to me, it feels way too much like root. I like the fact that you can't "allow" except when starting the file system.

Russ