The Unix Heritage Society mailing list
 help / color / mirror / Atom feed
* Re: [TUHS] Additional groups and additional directory permissions
@ 2019-08-02 19:44 Norman Wilson
  0 siblings, 0 replies; 10+ messages in thread
From: Norman Wilson @ 2019-08-02 19:44 UTC (permalink / raw)
  To: tuhs

Thomas Paulsen:

  isn't Kirk McKusic a member of our group?

====

Kirk is a member of many groups, all at the same time.

Norman Wilson
Toronto ON

^ permalink raw reply	[flat|nested] 10+ messages in thread
* Re: [TUHS] Additional groups and additional directory permissions
@ 2019-08-10  4:02 Kirk McKusick
  2019-08-10  6:02 ` Thomas Paulsen
  0 siblings, 1 reply; 10+ messages in thread
From: Kirk McKusick @ 2019-08-10  4:02 UTC (permalink / raw)
  To: Clem Cole; +Cc: The Eunuchs Hysterical Society

> Date: Fri, 2 Aug 2019 09:28:18 -0400
> From: Clem Cole <clemc@ccc.com>
> To: Aharon Robbins <arnold@skeeve.com>, Doug McIlroy <doug@cs.dartmouth.edu>
> Cc: The Eunuchs Hysterical Society <tuhs@tuhs.org>
> Subject: Re: [TUHS] Additional groups and additional directory permissions
> 
> The best I can tell/remember is that groups went through 4 phases:
> 1.) No groups (earliest  UNIX) [ I personally never used this except in the
> V0 retrocomputing]
> 2.) First group implementation (Thompson) [My first UNIX introduction was
> with this implementation]
> 3.) PWB 1.0 (Mashey version) [then saw this post PWB]
> 4.) BSD 4.2 (wnj version) [and lived this transistion]
> 
> Each was a little different in semantics.
> 
> As Doug mentioned, many sites (like Research) really did not need much and
> groups were really not used that widely.   Thompson added something like
> the Project number of TOPS and some earlier systems.  Truth is, it did not
> help much IMO.   It was useful for grouping things like the binaries and
> keeping some more privileged programs from having to be setuid root.
> 
> Mashey added features in PWB, primarily because of the RJE/Front end to the
> Mainframes and the need to have better protections/collections of certain
> items.   But they still were much more like the DEC PPN, were you were
> running as a single group (i.e. the tuple UID/GID).  This lasted a pretty
> long time, as it worked reasonably well for larger academic systems, where
> you had a user and were assigned a group, say for a course or class, you
> might be talking.  If you looked at big 4.1 BSN Vaxen like at Purdue/Penn
> State, *etc.*, that how they were admin'd.  But as Doug said, if you were
> still a small site, the use of groups was still pretty shallow.
> 
> But, as part of the CSRG support for DARPA, there was a push from the
> community to have a list of groups that a user could be a part and you
> carried that list around in a more general manner.   The big sites, in
> particular, were pushing for this because they were using groups as a major
> feature.  wnj implemented same and it would go out widely in 4.2, although
> >>by memory<< that was in 4.1B or 4.1C first.   It's possible Robert Elz
> may have brought that to Bill with his quota changes, but frankly I've
> forgotten.   There was a lot of work being done to the FS at that point,
> much less Kirk's rewrite.
> 
> But as UNIX went back to workstations, the need for a more general group
> system dropped away until the advent widely used distributed file systems
> like CMU's AFS and Sun's NFS.  Then the concept of a user being in more
> than one group became much more de rigeur even on a small machine.
> 
> Clem

Late to answer...

As far as I remember, Clem's description is correct. The filesystem
itself stores only one owner and one group ID. When checking access
to the file, the file owner is checked to see if the user ID matches.
If so, then the owner permissions are applied. If not then the group
array associated with the user is used to decide if the group of the
file matches one of the groups of which the user is a member and if
so the group permissions apply. Otherwise the other permissions are
used.

In BSD, the group assigned to the file is assigned from the group of
the directory in which it is created. The setgid flag can be set only
if that group is a member of the user's group array. The user can only
change the group ID to one that appears in their group array.

Until multiple group sets were added to System V, the group of the
file was taken from the gid assigned to the user at login.

	Kirk McKusick

^ permalink raw reply	[flat|nested] 10+ messages in thread
* Re: [TUHS] Who's behind the UNIX filesystem permission
@ 2019-08-01 12:35 Doug McIlroy
  2019-08-01 16:22 ` John P. Linderman
  0 siblings, 1 reply; 10+ messages in thread
From: Doug McIlroy @ 2019-08-01 12:35 UTC (permalink / raw)
  To: tuhs

Read and write permission were common ideas--even part of
the Atlas paging hardware that was described before 1960.
The original concept of time-sharing was to give a virtual
computer to each user. When it became clear that sharing
was an equally important aspect, owner/other permissions
arose. I believe that was the case with Multics.

Owner/other permissions were in PDP-11 Unix from the start.
Group permissions arose from the ferment of daily talk in
the Unix lab. How might the usual protections be extended
to collaborative projects? Ken and Dennis deserve credit
for the final implementation. Yet clean as the idea of groups
was, it has been used only sporadically (in my experience).

Execute permission (much overloaded in Unix) also dates
back to the dawn of paging. One Unix innovation, due to
Dennis, was the suid bit--the only patented feature in
the Research system. It was instantly adopted for 
maintaining the Moo (a game now sold under the name
"Master Mind") league standings table.

One trouble with full-blown ACLs as required by NSA's
Orange Book, is obscurity. It is hard (possibly NP-
complete) to analyze the actual security of an ACL
configuration.

A common failing of Unix administration was a proliferation
of suid-root programs, e.g. mail(1). I recall one system
that had a hundred such programs. Sudo provided a way
station between suid and ACLs.

Doug

^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2019-08-10  6:02 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-02 19:44 [TUHS] Additional groups and additional directory permissions Norman Wilson
  -- strict thread matches above, loose matches on Subject: below --
2019-08-10  4:02 Kirk McKusick
2019-08-10  6:02 ` Thomas Paulsen
2019-08-01 12:35 [TUHS] Who's behind the UNIX filesystem permission Doug McIlroy
2019-08-01 16:22 ` John P. Linderman
2019-08-02  8:35   ` [TUHS] Additional groups and additional directory permissions arnold
2019-08-02 11:18     ` Tony Finch
2019-08-04  6:40       ` arnold
2019-08-02 12:45     ` Arthur Krewat
2019-08-02 13:06     ` Clem Cole
2019-08-02 13:28     ` Clem Cole
2019-08-02 19:00       ` Thomas Paulsen

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).