[3099] in bugtraq
Re: /etc/shells (was Re: procmail)
daemon@ATHENA.MIT.EDU (Julian Assange)
Thu Aug 8 21:57:23 1996
Date: Fri, 9 Aug 1996 06:06:49 +1000
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Julian Assange <proff@suburbia.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <Pine.NEB.3.95.960808150527.18728C-100000@like.duh.ml.org> from
"Todd Vierling" at Aug 8, 96 03:07:27 pm
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Thu, 8 Aug 1996, Eugene Bradley wrote:
>
> : I kinda like der Mouse's latter idea. In fact, here are some ideas
> : for the flags that can be used in a passwd database that root can
> : edit in as necessary. I don't know if some UNIX OSes support this
> : feature currently in the form of kernel flags; this is an idea I have
> : off the top of my head.
>
> There are *IX implementations where the master passwd file (/etc/shadow,
> /etc/master.passwd, etc.) is a so-called opaque file and the /etc/passwd
> "standard" format file is generated from it. They could easily be put into
> additional flags in the opaque passwd file. Note that a *IX kernel doesn't
> touch passwd files; only user mode code changes user ID's and works with the
> passwds.
The /etc/passwd scheme is botch. /etc/passwd should be merely one view
of a relational database which contains information about all users.
NIS+ attempts to do this, but does it poorly. IMHO the strength of unix
was that nearly everything was a file system object. Hardlinks were a
primitive attempt at multiple views of the same object. Symbolic links
are a kludge, because they point to a view of an object, rather than the
object itself. Any permission or name-space scheme which doesn't use the
file system is also kludge, because it ruins the file-system
encapsulation all objects. BSD networking functions are an example.
Everything should be a file system object and it's security should be
dictated by the file system. The reason why linux's /proc is so popular
is because it uses the filesystem to create a view of kernel objects.
When introducing a new name-space, or permission scheme, it should be
given a file-system view. If the file-system is not something that
easily accomodates such objects, then the file system should be
upgraded.
The idea is that the file-system provides a consistant name-space
and permission-space to all objects addressable under unix.
--
"Of all tyrannies a tyranny sincerely exercised for the good of its victims
may be the most oppressive. It may be better to live under robber barons
than under omnipotent moral busybodies, The robber baron's cruelty may
sometimes sleep, his cupidity may at some point be satiated; but those who
torment us for own good will torment us without end, for they do so with
the approval of their own conscience." - C.S. Lewis, _God in the Dock_
+---------------------+--------------------+----------------------------------+
|Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union |
|proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = |
|proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 |
+---------------------+--------------------+----------------------------------+
