Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!brunix!doorknob!da
From: da@cs.brown.edu (David Ascher)
Newsgroups: comp.unix.admin
Subject: Re: user-defined groups
Message-ID:
Date: 20 Mar 91 17:04:36 GMT
References: <1991Mar20.045739.27136@mp.cs.niu.edu>
Sender: news@brunix.UUCP
Organization: Department of Computer Science, Brown University
Lines: 42
In-reply-to: rickert@mp.cs.niu.edu's message of 20 Mar 91 04:57:39 GMT

In article <1991Mar20.045739.27136@mp.cs.niu.edu> rickert@mp.cs.niu.edu (Neil Rickert) writes:

   In article da@cs.brown.edu (David Ascher) writes:
   >I suspect that when people want to share files, they tend to go
   >overboard in the wrong direction: give _everyone_ read access.

   Why is that going overboard?  Most files do not contain sensitive
   information, so there is no reason for them not to be publicly
   readable.

In such cases, I agree, this isn't going overboard. But the whole
concept of rights assumes that some files need to be protected. I am
looking for opportunities to make this more flexible, that is all.
What's more, whereas most files do not contain sensitive information,
there are lots of executables which shouldn't be run by people who
don't know what they do...

   >A more flexible group management scheme seems needed in the world of
   >NFS-mounted networks of workstations with hundreds of users. I'd like
   >to know what, if anything, is wrong with the following scheme:

   For the kind of joint project you are talking about, I don't think
   your world of 'networks of workstations with hundreds of users' is
   realistic. Try a world of 'networks of hundreds of workstations,
   each with one or two principal users.' For this type of setup,
   where the principal users probably have root access to their own
   workstation, your solution is far too complex.

Well, I was actually thinking of something like the Brown Computer
Science network, where there are a couple of hundred workstations all
NFS-linked, with say, >300 users, but only a few people (sysadmins)
have root access. This setup is quite appropriate in a system where
users don't have "their" workstation, but can use any one of hundreds.

So:

1. Why would someone not like the idea of user-defined groups?
2. What are the security flaws in the system I have described?

--
== David Ascher -- Brown University, Providence RI 02912
== Internet: dascher@brownvm.Brown.EDU (Internet)
== UUCP: uunet!brunix!da
== Bitnet: dascher@brownvm