On Wed, 05 Oct 2005, Marc Perkel yowled:That's what it looks like when you are inside it.
Agian - thinking outside the box.
I hate that phrase. There is no `box'.
You inherit the rights of the new directory.If the permissions were don'e right in your own directories your
inherited rights would give your permissions automatically to your
home directory and all directories uner it. Netware has a concept
called an inherited rights mask - something Linux lacks. Windows also
has rights like this and Samba emulates it. So unless root put files
in your directory and specifically denied you rights to them, you
would have full rights to your own directory.
So, um, what happens to these permissions when you copy a file and put
it somewhere else? Do the inherited rights go with it or not? In Unix
it's pretty intuitive. In this system there seem to be two right
answers, both of which seem... risky from a security perspective.
It doesn't really make sense to use the /tmp directory the way Unix uses it. Why would you want just anyone to even know the names of the temporary files you are using. Users should have their own temp directory or create their own directory within /tmp
However - if you were browsing the /etc directory and there were files
there that you had no read or write access to - then you wouldn't even
be able to list them.
/tmp is the problem here, and shows the futility and pointlessness of
this feature. If you have an unlistable file in /tmp, *its name is still
determinable*, because other users cannot create files with that
name. The concept adds *nothing* over some combination of dirs with the
execute bit cleared for some set of users and subdirectories which
cannot be read by some set of users. There's no need for this profoundly
non-Unixlike permission at all. (As usual, ACLs make managing this on
a fine-grained scale rather easier.)
I'm not familiar with Plan 9.If you went to the home directory and lets say
everyone had 700 permissions on all the directories withing home, you
would only see your own directory. You wouldn't even be able to know
what other directories existed there.
This is what per-process filesystems are for.
If you want to start thinking about DOING IT RIGHT you need to think
beyond the Unix model and start looking at Netware. Maybe in 5 years
Linux will evolve to where Netware was in 1990.
I think Plan 9 is a better goal than Netware. At least it was designed
by people aiming for a better Unix rather than people trying to build a
better DOS, and so is more likely to have a compatible philosophy.
That's why I'm pushing netware as a model rather than windows. But Windows file permissions are superior to Linux.Unix permissions totally suck but it's old baggage that you're stuck
with somewhat. Are you going to be stuck forever and is Linux ever
going to grow up and move on to better things? Linux is crippled when
it comes to permissions.
Well, you can't change it drastically without violating POSIX. There's
no damned way Linux is going to do *that*.
The Windows people are laughing at you and
you don't even get it why they are laughing.
You *do* realise just how incapable the Windows permission-management
GUI is, don't you? Any OS where the command-line tools hide half
the permissions model and the GUI hides a slightly different half,
and where looking at a set of permissions and hitting cancel can
*change* those permissions drastically, is not sane.
(Disclaimer: the last time I bothered to verify the latter behaviour
was in NT4. Maybe they've partially fixed it.)