Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!ukma!psuvm.bitnet!uh2
From: UH2@PSUVM.BITNET (Lee Sailer)
Newsgroups: comp.sys.next
Subject: Re: Security and defaults.
Message-ID: <89160.135208UH2@PSUVM>
Date: 9 Jun 89 17:52:08 GMT
References: <4985@umd5.umd.edu> <43b721a8.19ac2@wasp.engin.umich.edu>
Organization: Penn State University - Center for Academic Computing
Lines: 28

I think maybe it would be a good idea for NeXT to deliver the box with
some way to choose among two or more "configurations".  One mode would
be for people who intend to run almost always in a *single user* mode.
I don't mean the Unix notion of single user, I mean the social notion---one
person has the machine, runs it, is *responsible* for it, locks
the door to keep strangers away from it, and knows what he or she is doing.

Another mode is *end user* mode.  This is still a single user mode, with the
difference being that some expert elsewhere is responsible for administering
the machine, changing the time, backing up disks, etc.

A third mode is *shared user* mode, which will be common in trusted lab
or office environments.  Probably lots of users, but one administrator.
A possible fourth *public mode* might be necessary for untrusted public
labs, and I know that a lot of Comp Center folks are busily trying to figure
out good ways to manage that type of environment.  Good luck.

My point is that rather than delivering *ONE* default mode, NeXT might
deliver two or more, with an easy to use front end for switching between
modes.  The difference between modes might be things like

 o Which programs are suid.
 o Protections on sensitve files and directories.
 o Ulimits and umasks.
 o Permissions to change the time.
 o Default PATHs

etc etc etc.