From mboxrd@z Thu Jan  1 00:00:00 1970
From: cowan@mercury.ccil.org (John Cowan)
Date: Mon, 13 Jan 2014 13:16:35 -0500
Subject: [TUHS] History of chown semantics
In-Reply-To: <CAKt831HJfRx1vznQ8xttdg-n=BQmCf7J+-4WetTMDzKesrUQ3g@mail.gmail.com>
References: <F174F3EE-BFED-4561-9A1A-B4D33D179513@tfeb.org>
 <alpine.NEB.2.02.1401090914270.4786@t1.m.reedmedia.net>
 <20140109191336.GD24304@mercury.ccil.org>
 <5128EE1B-28A2-4D5E-AE32-BEC6652DF1A1@tfeb.org>
 <20140110171819.GA14513@mercury.ccil.org>
 <8F58DE51-60E5-4E41-AAEF-78CAC3C08DBC@tfeb.org>
 <20140113070543.GC22593@mercury.ccil.org>
 <9D0D12F6-B198-4793-8501-E366FC7E5CB1@tfeb.org>
 <20140113161506.GA31756@mercury.ccil.org>
 <CAKt831HJfRx1vznQ8xttdg-n=BQmCf7J+-4WetTMDzKesrUQ3g@mail.gmail.com>
Message-ID: <20140113181635.GA12718@mercury.ccil.org>

SZIGETI Szabolcs scripsit:

> Well, with the same reasoning, we don't need passwords or protection
> bits on files, since I can always take a piece of steel pipe and beat
> the owner, until he gives out the data, so why bother?

More like beating my argument with a pipe than the owner.

> Blocking chown for general users is one level of several controls. 

Its specific purpose was to make per-user quotas practical, but since
per-user quotas are as dead as the dodo, it no longer serves any known
purpose.  Yes, it blocks a particularly crude substitute for MAC in the
now-unusual case of true timesharing as opposed to single-user clients
and single-purpose servers.  But really it is nothing but security by
ceremonial.  A better case could be made that it should require root
privilege to perform chmod, or at least any chmod that widens access.

-- 
You are a child of the universe no less         John Cowan
than the trees and all other acyclic            http://www.ccil.org/~cowan
graphs; you have a right to be here.            cowan at ccil.org
  --DeXiderata by Sean McGrath