Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site cstvax.UUCP
Path: utzoo!watmath!clyde!cbosgd!ihnp4!mhuxn!mhuxr!ulysses!gamma!epsilon!zeta!sabre!bellcore!decvax!genrad!panda!talcott!harvard!seismo!mcvax!ukc!cstvax!db
From: db@cstvax.UUCP (Dave Berry)
Newsgroups: net.unix-wizards
Subject: Re: new user id system idea.
Message-ID: <300@cstvax.UUCP>
Date: Thu, 27-Jun-85 01:54:41 EDT
Article-I.D.: cstvax.300
Posted: Thu Jun 27 01:54:41 1985
Date-Received: Sun, 23-Jun-85 04:19:09 EDT
References: <6611@ucbvax.ARPA> <1660@ittvax.UUCP> <382@sdchema.UUCP>
Reply-To: db@cstvax.UUCP (Dave Berry)
Organization: Comp. Sc., Edinburgh Univ., Scotland
Lines: 19

In article <382@sdchema.UUCP> jwp@sdchema.UUCP (John Pierce) writes:
>Addition of a system call to allow "group superusers"
>helped quite a bit [if uid == gid, then that user can work their will with
>that group's files].

I'd like to suggest a slight variation on this. Make uid's & gid's the same,
with groups defined by a special format in /etc/passwd (analogous to the
style of entries in /etc/group). Then you get your "group superuser" by
logging-in (or su-ing) to that user.

Everybody else starts off in their own group - i.e. files they create have
the same uid & gid, restricting permission to themselves in each case.
This would obviously be changeable.

Then when any daemons write files to private spool directories, they change
the gid of these files to the owner, thus giving the owner (& no-one else)
read permission on spooled files. This would be useful if they wanted to
check the contents of files, before removing them or updating them.
--
Dave Berry. CS postgrad, Univ. of Edinburgh
...mcvax!ukc!{hwcs,kcl-cs}!cstvax!db
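
The scheme proposed in the post above, modelled as an added example (not code from the post or from any UNIX source): one id space for users and groups, a private initial group per user, and a spool file whose gid is set to the submitter. The ids 7, 101 and 102, the 0640 mode and all function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Model of the proposal: one id space for users and groups. All ids are constructed. */
struct cred { unsigned uid; unsigned groups[4]; int ngroups; };
struct file { unsigned owner, group, mode; };

enum { WANT_READ = 4, WANT_WRITE = 2 };

/* Login under the proposal: the initial group is the user's own id. */
struct cred login(unsigned id) {
    struct cred c = { id, { id }, 1 };
    return c;
}

/* Hypothetical helper: add a shared group that lists this user as a member. */
void join(struct cred *c, unsigned gid) {
    if (c->ngroups < 4) c->groups[c->ngroups++] = gid;
}

/* Classic UNIX check: only the first matching class (owner, group, other) is consulted. */
int allowed(const struct cred *c, const struct file *f, unsigned want) {
    int i;
    if (c->uid == f->owner) return ((f->mode >> 6) & want) == want;
    for (i = 0; i < c->ngroups; i++)
        if (c->groups[i] == f->group) return ((f->mode >> 3) & want) == want;
    return (f->mode & want) == want;
}

/* Quoted rule: a user whose uid equals the file's gid is that group's superuser. */
int group_superuser(const struct cred *c, const struct file *f) {
    return c->uid == f->group;
}

/* Daemon step from the post: keep daemon ownership, set gid to the submitter (mode 0640 assumed). */
struct file spool(unsigned daemon_id, unsigned submitter_id) {
    struct file f = { daemon_id, submitter_id, 0640 };
    return f;
}

int main(void) {
    struct cred alice = login(101), bob = login(102);
    struct file job = spool(7, 101);   /* constructed: daemon id 7, submitter 101 */
    printf("alice read=%d write=%d, bob read=%d\n",
           allowed(&alice, &job, WANT_READ), allowed(&alice, &job, WANT_WRITE),
           allowed(&bob, &job, WANT_READ));
    return 0;
}
```

In this model `group_superuser()` is also true for a submitter and their own spool file, because the file's gid equals their uid. The post does not say whether the quoted rule should apply to private groups.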