Re: X and other visions
From: Patrick Strasser
Subject: Re: X and other visions
Date: Mon, 14 Jun 2004 14:14:19 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3

Concrete cases are completely irrelevant. You can't construct all cases
in 15 mails; there is at least one important case you can't think of.

As I understand it, the idea behind the design principles of the Hurd is:
Let the user decide how to use his computer, so give him all
possibilities. The user can decide for himself which he wants to
disable/enable for every situation.

There are lots of examples where things seem to be quite stupid at
first glance. Who would want a group of students to play Jimi Hendrix
on all machines in the user center? (depends on the admin ;) At least it
would be quite cool, and one evening I'll do it :-> Moreover, a machine
doesn't need to have only one audio device. And this device does not
need to have some physical sound output. It could be a hard disk recording
device, a modem etc.

So everything should be _possible_ for everyone, even for the
not-logged-in. Usually someone wants to set some policy for who is allowed
to do what in which situation. We have some models:

*) POSIX file permissions: Quite rigid, needs root to administrate users
and groups. Has limited categories (3/4). Many people search for better
alternatives.
*) ACLs: More flexible, but more difficult to use. Complicated rules
might lead to security holes. Tricky regarding inherited rights.
*) Capabilities: less file-centered rights management. Can take
"situations" into account.

I'm sure there are more models.

Ideally, everyone can change his rights within the boundaries of his realm.
You should be able to have full control over who can access your files.
If you want user foo to read your files, but (except you) no one else,
this should be possible (ACLs can do this, file permissions need groups,
which needs root). If you want to share your audio device with someone
else, fine. If you want to set up a machine where everyone can reboot,
or fire up systems that control a graphics card, why not. One might have
good reasons to do so.

But it's important to have a good, usable interface to such control.
No one wants to write a config file with a syntax you have to look up in
a manpage every time you change your rights. It must calculate a complete
"plan" of the situation and return this to the user in a good
understandable form. It's not enough to let the user evaluate all rules
and permissions in his head. Computers can do that much better. Windows
XP has something called "effective rights". Very useful. Such a tool
should take a situation (activity + user + rule set) and tell you what
is possible.

Patrick
--
Engineers motto: | Patrick Strasser
[ ] cheap | <past at sbox dot tugraz dot at>
[ ] good |
[ ] fast | Student of Telematik
-> choose any two | Techn. University Graz, Austria
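
The "effective rights" tool the message asks for, as an added example that is not part of the original message: it evaluates a rule set for a given user under POSIX.1e-draft ACL semantics (the model behind `getfacl`), including the mask and first-match rules that make ACLs hard to evaluate by hand. The entry format, user names and group names are constructed for illustration.

```python
# Added example: per-user "effective rights" under POSIX.1e-draft ACL semantics.
# ACL entries are (tag, qualifier, perms); all names below are constructed.

def check(acl, owner, owning_group, user, groups, want):
    """True if `user`, a member of `groups`, is granted every permission in `want`."""
    want = set(want)
    entries = lambda tag: [(q, set(p)) for t, q, p in acl if t == tag]
    mask = entries("mask")[0][1] if entries("mask") else None
    masked = lambda p: p if mask is None else p & mask

    if user == owner:                       # the owner entry is never masked
        return want <= entries("user_obj")[0][1]
    for name, perms in entries("user"):     # a named-user entry wins over groups
        if name == user:
            return want <= masked(perms)
    hits = [p for _, p in entries("group_obj") if owning_group in groups]
    hits += [p for name, p in entries("group") if name in groups]
    if hits:                                # a group match never falls through to "other"
        return any(want <= masked(p) for p in hits)
    return want <= entries("other")[0][1]

def effective_rights(acl, owner, owning_group, user, groups):
    """Permissions the user can exercise, one letter per right."""
    return "".join(c for c in "rwx"
                   if check(acl, owner, owning_group, user, groups, c))

# Constructed rule set for a file owned by patrick, owning group students.
ACL = [
    ("user_obj", "", "rw"),
    ("user", "foo", "r"),
    ("user", "bar", "rw"),      # reads as read/write, but the mask caps it
    ("group_obj", "", ""),
    ("group", "audio", "rw"),
    ("mask", "", "r"),
    ("other", "", ""),
]

if __name__ == "__main__":
    cases = [("patrick", {"students"}), ("foo", {"audio"}), ("bar", set()),
             ("eve", {"audio"}), ("mallory", {"users"})]
    for user, groups in cases:
        rights = effective_rights(ACL, "patrick", "students", user, groups)
        print(f"{user:8} {rights or '-'}")
```
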