Marc A. Boschma
> >This mostly seems like a feature to me, although it causes wrinkles like the
> >one you noticed. Setting aside legacy behavior, why should somebody who
> >isn't supposed to read your file be permitted to know when and how much you
> >wrote it, and also when you read it?
>
> I'd even vote for them not being able to determine the file name.
> Directories might need a bit of thought, although I can't see any
> issue off the top of my head...

How about the fact that it would be redundant, that directory permissions
already perform this function? How about the fact that it would be woefully
inconsistent with the fact that filenames do not belong to a file but belong
to the directory they are contained in? The identity of a file is in its
stats and its contents, the filename is an identifier /separate/ from the
file. A file remains the same whether it has one, two, many, or even /zero/
filenames; moving a file does not change it, neither does hard linking it.

If anything, I don't agree with user permissions in the first place. Access
rights should be embedded in the topology of the filesystem, which should
in turn allow multiple containment (multiple parents for any directory)
in order to properly embed arbitrary access rights. If you do this then
you end up with a secure system that doesn't require each and every single
file server to authenticate every user at every turn (with the unresolvable
security issues /that/ raises).
-- When we hear about a murderer, rarely do we want to understand what drove him to murder; more often we wish to kill him. It is difficult to understand that the vengefulness we feel toward a murderer, which drives us to champion execution, is identical to the wish for revenge the murderer feels for what he believes to be the horrendous injustices in his life. -- Dr. Herbert Strean and Lucy Freeman from "Our Wish to Kill".
Received on Mon Nov 9 17:29:41 1998
This archive was generated by hypermail 2.1.8 : Thu Sep 22 2005 - 15:12:56 PDT
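
The reply's point that a filename belongs to its directory while identity and access mode belong to the file can be checked directly. The following is an added example, not part of the original message; it assumes a POSIX filesystem with hard-link support, and the directory and file names are constructed for illustration.

```python
import os
import stat
import tempfile

def identity(st):
    # (device, inode) is the file's identity; no filename is involved.
    return (st.st_dev, st.st_ino)

def demo():
    r = {}
    with tempfile.TemporaryDirectory() as root:
        # Constructed layout: two directories and one file.
        dir_a, dir_b = os.path.join(root, "a"), os.path.join(root, "b")
        os.mkdir(dir_a)
        os.mkdir(dir_b)
        first = os.path.join(dir_a, "report.txt")
        with open(first, "wb") as f:
            f.write(b"payload")
        base = identity(os.stat(first))

        # A second name, stored in a different directory, for the same file.
        second = os.path.join(dir_b, "alias.txt")
        os.link(first, second)
        r["same_file_two_names"] = identity(os.stat(second)) == base
        r["nlink_two_names"] = os.stat(first).st_nlink

        # Mode bits live in the file's stats: set via one name, seen via the other.
        os.chmod(second, 0o640)
        r["mode_shared"] = stat.S_IMODE(os.stat(first).st_mode) == 0o640

        # Moving only rewrites directory entries.
        moved = os.path.join(dir_b, "moved.txt")
        os.rename(first, moved)
        r["same_file_after_move"] = identity(os.stat(moved)) == base

        # Zero names: remove both entries while a descriptor is still open.
        fd = os.open(moved, os.O_RDONLY)
        try:
            os.unlink(moved)
            os.unlink(second)
            orphan = os.fstat(fd)
            r["nlink_zero_names"] = orphan.st_nlink
            r["same_file_zero_names"] = identity(orphan) == base
            r["content_zero_names"] = os.read(fd, 16)
        finally:
            os.close(fd)
    return r

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Because the mode is stored with the file and the names are stored in directories, whether a name can be listed is decided by the mode of the directory holding it, which is the redundancy the reply refers to.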