From: cowan@mercury.ccil.org (John Cowan)
Subject: [TUHS] History of chown semantics
Date: Mon, 13 Jan 2014 13:16:35 -0500 [thread overview]
Message-ID: <20140113181635.GA12718@mercury.ccil.org> (raw)
In-Reply-To: <CAKt831HJfRx1vznQ8xttdg-n=BQmCf7J+-4WetTMDzKesrUQ3g@mail.gmail.com>
SZIGETI Szabolcs scripsit:
> Well, with the same reasoning, we don't need passwords or protection
> bits on files, since I can always take a piece of steel pipe and beat
> the owner, until he gives out the data, so why bother?
More like beating my argument with a pipe than the owner.
> Blocking chown for general users is one level of several controls.
Its specific purpose was to make per-user quotas practical, but since
per-user quotas are as dead as the dodo, it no longer serves any known
purpose. Yes, it blocks a particularly crude substitute for MAC in the
now-unusual case of true timesharing as opposed to single-user clients
and single-purpose servers. But really it is nothing but security by
ceremonial. A better case could be made that it should require root
privilege to perform chmod, or at least any chmod that widens access.
--
You are a child of the universe no less John Cowan
than the trees and all other acyclic http://www.ccil.org/~cowan
graphs; you have a right to be here. cowan at ccil.org
--DeXiderata by Sean McGrath
next prev parent reply other threads:[~2014-01-13 18:16 UTC|newest]
Thread overview: 52+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-09 10:59 Tim Bradshaw
2014-01-09 12:46 ` Ronald Natalie
2014-01-09 14:56 ` Clem Cole
2014-01-09 15:17 ` Tim Bradshaw
2014-01-09 15:31 ` Clem Cole
2014-01-09 18:18 ` Dario Niedermann
2014-01-09 18:31 ` Ron Natalie
2014-01-09 18:48 ` Clem Cole
2014-01-09 19:48 ` Armando Stettner
2014-01-09 19:52 ` Clem Cole
2014-01-09 18:37 ` Tim Bradshaw
2014-01-09 18:55 ` Warner Losh
2014-01-10 16:20 ` Ed Carp
2014-01-09 17:01 ` Jeremy C. Reed
2014-01-09 18:40 ` Clem Cole
2014-01-09 19:13 ` John Cowan
2014-01-09 20:19 ` Tim Newsham
2014-01-09 20:43 ` Warner Losh
2014-01-10 10:09 ` Tim Bradshaw
2014-01-10 17:18 ` John Cowan
2014-01-12 21:19 ` Tim Bradshaw
2014-01-13 7:05 ` John Cowan
2014-01-13 10:37 ` Tim Bradshaw
2014-01-13 16:15 ` John Cowan
2014-01-13 16:53 ` SZIGETI Szabolcs
2014-01-13 18:16 ` John Cowan [this message]
2014-01-09 22:57 ` Cyrille Lefevre
2014-01-09 19:23 Brian S Walden
2014-01-09 19:51 ` Clem Cole
2014-01-09 21:29 Brian S Walden
2014-01-09 22:03 ` Clem Cole
2014-01-10 0:59 ` John Cowan
2014-01-10 4:28 ` Greg 'groggy' Lehey
2014-01-10 10:15 ` Tim Bradshaw
2014-01-09 21:43 Doug McIlroy
2014-01-10 0:15 Brian S Walden
2014-01-10 1:01 ` Larry McVoy
2014-01-10 15:16 ` Clem Cole
2014-01-10 15:21 ` Larry McVoy
2014-01-10 1:41 Brian S Walden
2014-01-10 13:17 ` scj
2014-01-10 14:03 ` Ronald Natalie
2014-01-10 14:55 Brian S Walden
2014-01-10 17:05 ` Ron Natalie
2014-01-10 17:08 Brian S Walden
[not found] <mailman.1.1389661202.22836.tuhs@minnie.tuhs.org>
2014-01-14 22:44 ` Pepe
2014-01-15 1:33 ` Warner Losh
2014-01-15 1:43 ` Larry McVoy
2014-01-15 2:13 ` John Cowan
2014-01-15 4:02 ` Chris Nehren
2014-01-15 4:39 ` Steve Nickolas
2014-01-16 8:56 Brian S Walden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140113181635.GA12718@mercury.ccil.org \
--to=cowan@mercury.ccil.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).