Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uwm.edu!linac!att!ucbvax!PAN.SSEC.HONEYWELL.COM!thompson From: thompson@PAN.SSEC.HONEYWELL.COM (John Thompson) Newsgroups: comp.sys.apollo Subject: re: process priorities (problem?) Message-ID: <9103221617.AA29597@pan.ssec.honeywell.com> Date: 22 Mar 91 16:17:46 GMT Sender: daemon@ucbvax.BERKELEY.EDU Organization: The Internet Lines: 44 <> > >Our nodes were sold to us as multi-user workstations (especially the > They aren't. But if they were _sold_ as such, HP/Apollo at least has an obligation to support them this way. Also, I'd have a hard time considering the dn10000 (that now-obsolete machine) a single-user system. > >shouldn't be calling their products "UNIX". Gratuitous changes are a > >pain in the . > There isn't a gratuitous change there. Someone had the following choices: > > 1) Be incompatible with older Aegis-based software which depends > on being able to change process priorities. > 2) Lull the Unix user into a false sense of security by not allowing > Unix commands to change the priority, but still allowing Aegis > commands to. > 3) Relax the Unix protections. > #1 doesn't fit in with Apollo's stated standards (sure, they don't always > maintain compatibility, but they try). #2 is clearly wrong - people get > really pissed when they discover that. #3 fits in with the model (which > R&D certain had, if not marketing) that an Apollo workstation is a single- > user workstation. You missed an option. 4) Keep Unix protections tight, and create a permissions file for the Aegis users. #4 was done for the sigp/kill pair! In Unix, you still need to be the owner of a process (or root) to kill it. In Aegis, you need to be the owner of a process, _OR_ be listed in the `node_data/node_owners ACL. Now, that might leave them (HP/Apollo) a little open, but if they (A) put a comment in the release notes and/or (B) installed a locked-up ppri_owners file if Aegis wasn't loaded on a system, they should be reasonably safe. They'd also have fewer problems, IMHO. -- jt -- John Thompson Honeywell, SSEC Plymouth, MN 55441 thompson@pan.ssec.honeywell.com Me? Represent Honeywell? You've GOT to be kidding!!!