
Re: X and other visions

From: Patrick Strasser
Subject: Re: X and other visions
Date: Mon, 14 Jun 2004 14:14:19 +0200
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3

Concrete cases are completely irrelevant. You can't construct all cases in 15 mails; there is at least one important case you can't think of.

As I understand it, the idea behind the design principles of the Hurd is:
Let the user decide how to use his computer, so give him all possibilities. The user can decide for himself which he wants to disable/enable for every situation.

There are lots of examples where things seem to be quite stupid at first glance. Who would want a group of students to play Jimi Hendrix on all machines in the user center? (depends on the admin ;) At least it would be quite cool, and one evening I'll do it :-> Moreover a machine doesn't need to have only one audio device. And this device does not need to have some physical sound output. It could be a hard disk recording device, a modem etc.

So everything should be _possible_ for everyone, even for the not-logged-in. Usually someone wants to set some policy on who is allowed to do what in which situation. We have some models:
*) POSIX file permissions: Quite rigid, needs root to administrate users and groups. Has limited categories (3/4). Many people search for better alternatives.
*) ACLs: More flexible, but more difficult to use. Complicated rules might lead to security holes. Tricky regarding inherited rights.
*) Capabilities: Less file-centered rights management. Can take "situations" into account.

I'm sure there are more models.

Ideally, everyone can change his rights within the boundaries of his realm. You should be able to have full control over who can access your files. If you want user foo to read your files, but (except you) no one else, this should be possible (ACL can do this, file permissions need groups, which needs root). If you want to share your audio device with someone else, fine. If you want to set up a machine where everyone can reboot, or fire up systems that control a graphics card, why not. One might have good reasons to do so.

But it's important to have a good, usable interface to such control. No one wants to write a config file with a syntax you have to look up in a manpage every time you change your rights. It must calculate a complete "plan" of the situation and return this to the user in a good, understandable form. It's not enough to let the user evaluate all rules and permissions in his head. Computers can do that much better. Windows XP has something called "effective rights". Very useful. Such a tool should take a situation (activity + user + rule set) and tell you what is possible.

Engineers motto:  | Patrick Strasser
[ ] cheap         | <past at sbox dot tugraz dot at>
[ ] good          |
[ ] fast          | Student of Telematik
-> choose any two | Techn. University Graz, Austria
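
The "effective rights" tool described in the message above, sketched as an added example (not part of the original mail, and not Hurd or Windows code): it evaluates a rule set per user and activity in the POSIX.1e ACL check order, and contrasts plain mode bits with an ACL for the "only foo may read" case. The accounts `pat`, `foo`, `bar`, the group `students` and both rule sets are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Acl:
    owner: str
    group: str
    user_obj: str                      # owner entry, e.g. "rw-"
    group_obj: str                     # owning-group entry
    other: str
    users: dict = field(default_factory=dict)   # named user entries
    groups: dict = field(default_factory=dict)  # named group entries
    mask: str = "rwx"                  # caps named users and all group entries

def _bits(perms):
    return {c for c in perms if c in "rwx"}

def allowed(acl, user, user_groups, perm):
    """Check one activity ('r', 'w' or 'x') in POSIX.1e order:
    owner, named user, matching groups, other. First class that matches decides."""
    mask = _bits(acl.mask)
    if user == acl.owner:
        return perm in _bits(acl.user_obj)          # owner is not masked
    if user in acl.users:
        return perm in (_bits(acl.users[user]) & mask)
    matching = [acl.group_obj] if acl.group in user_groups else []
    matching += [p for g, p in acl.groups.items() if g in user_groups]
    if matching:                                     # a group match never falls through to "other"
        return any(perm in (_bits(p) & mask) for p in matching)
    return perm in _bits(acl.other)

def effective_rights(acl, accounts):
    """Return {user: 'rwx'-style string} so nobody has to evaluate the rules by hand."""
    return {
        user: "".join(p if allowed(acl, user, groups, p) else "-" for p in "rwx")
        for user, groups in accounts.items()
    }

# Constructed sample: three accounts that all share the group "students".
ACCOUNTS = {"pat": {"students"}, "foo": {"students"}, "bar": {"students"}}

# Mode bits only (rw-r-----): letting foo read means letting the whole group read.
MODE_ONLY = Acl("pat", "students", "rw-", "r--", "---")

# ACL (rw------- plus user:foo:r--): foo can read, bar cannot, no new group needed.
WITH_ACL = Acl("pat", "students", "rw-", "---", "---", users={"foo": "r--"}, mask="r--")

if __name__ == "__main__":
    for name, acl in (("mode bits", MODE_ONLY), ("ACL", WITH_ACL)):
        print(name, effective_rights(acl, ACCOUNTS))
```

Setting `mask` to `"---"` on `WITH_ACL` removes foo's read access without touching the `user:foo` entry, which is the kind of interaction an effective-rights report makes visible.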
