Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 (Tek) 9/28/84 based on 9/17/84; site tekcrl.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxt!houxm!vax135!cornell!uw-beaver!tektronix!tekcrl!terryl
From: terryl@tekcrl.UUCP ()
Newsgroups: net.unix-wizards
Subject: Re: new user id system idea.
Message-ID: <114@tekcrl.UUCP>
Date: Wed, 1-May-85 14:16:50 EDT
Article-I.D.: tekcrl.114
Posted: Wed May 1 14:16:50 1985
Date-Received: Fri, 3-May-85 04:21:39 EDT
References: <6611@ucbvax.ARPA>
Lines: 49

>an idea for protection scheme for unix.
>Note: this is not entirely thought out, any comments are welcome.
>One would like to give teaching assistants access to make some accounts,
>have other users be allowed to do backups, have some users, be allowed
>to access certain devices, etc., w/o giving them full su privs.
>Thus I think Unix should have more than one type of priv.
>also, I think that the group idea is not really used well at most Unix
>installations, and should be slightly modified to deal with it.
>Lastly I think, that as a lot of software gets strange ideas, when a person
>is running as su, as to who is running, that system should be slightly changed
>also.
>Thus I suggest the following:
>1) have a three layer permission hierarchy (rather than 2 as now)
>                   root
>    |-------|--------|--------|--------|
>  group   group    group    group    group
>  leader  leader   leader   leader   leader
>  | | | | | | | | | | | | | | | | | | |
>  users and more users ..................
>with uid-0 being root
>uid 1-255 being group leaders
>and other users, having the gid coded in the hi word and user within
>the group, coded in the low word.

You sure you didn't go to Berkeley??? They did something similar 6-8 years
ago with group leaders. Basically, if the user id matched the group id, then
that user was a group leader with su-like privileges for that group only. If
I remember correctly (rarely) they never did distribute this as part of the
normal UNIX* distribution.

Terry Laskodi
of
Tektronix

* UNIX IS A TRADEMARK OF YOU-KNOW-WHO