Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!ucsd!ucbvax!A.ISI.EDU!LYNCH
From: LYNCH@A.ISI.EDU (Dan Lynch)
Newsgroups: comp.protocols.tcp-ip
Subject: Re: toll restrictors
Message-ID: <12595814075.21.LYNCH@A.ISI.EDU>
Date: 7 Jun 90 05:13:13 GMT
References: <4619@bacchus.dec.com>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 21

Kraig,

You bring up a very cogent point. To wit, does a particular OS have the flexibility to control access on a per user basis to particular system resources? In the case of current interest you are interested in network access. In the late 70's I was associated with a computer service company (Tymshare) and we had users who came in via Tymnet and users who came in via Arpanet and we had to be able to permit/deny access on a per user basis to "the other network". We put the hooks for this into our operating system, Tenex (the precursor of TOPS20). It was a simple hack to put in the OS. The only hair/pain was to then keep the list of permissions updated whenever we created a new user.

In fact, I have found that the mechanism part(s) of security and access control are very easy for the OS enforcement part. The huge and ugly part has to do with the administrative part of actually creating and modifying all the lists of permissions on a per entity basis.

I'm sure Unix could be hacked a bit to do the same as Tenex did many years ago.

Dan
-------