(no subject)

From: Andrew Valencia <vandys_at_nospam.org>
Date: Tue Jan 11 1994 - 16:39:05 PST

[David Eagle USG <eagle@zk3.dec.com> writes:]

>This message is in response to the brief discussion earlier
>about user IDs and what to do about remote users.
>...

Remember, UIDs are not used to determine what you can or can not read.
So two distinct users can both possess, say, 1.3, but because the "struct
perm" in <sys/perm.h> has a UID field, you can tell that one user got 1.3
because he's "joe", but another user got it because of being "frank". It
is more of an accounting thing.

I expect that each node is configured to know what kind of mapping/trust
to apply to its fellow nodes. In my paper, I wrote about a mapping like:

    Node    His_perm    My_perm
    pc0     *           *
    pc1     1.*         9.*
    pc1     2.3         5.7
    pc1     *           2.2
    pc2     *           2.2

The first entry says that if somebody comes across from pc0, we trust
that PC and we have coordinated permissions. So anything you have on
pc0, you get on my machine as well.

The second entry says that we trust pc1 well enough that if you have a
1.* permission on pc1, we'll convert to 9.* on our side, and give you
that permission. This is for semi-trusted machines, where you want to
map part of one machine's users but don't want to bother keeping lock-
step permission values.

The third entry is similar, except that we're mapping a single permission
value.

The fourth says that we'll let other permissions through, but they all get
mapped to 2.2. This assumes you don't store anything precious with
access allowed for 2.2 (in fact, the default distribution file etc/ids
maps this to bad.bad), but such a permission can still be used to read
public files and such.

The final entry would be appropriate for a PC which we don't trust at all,
but we will allow them untrusted access. Such an entry might be used if
you had some games which somebody else wanted to run or copy.

There, all that about permission. What about UIDs? Well, if a UID is
used to tell *why* somebody got a permission, then it's easy for the
local case--they got them because they logged in, and we use the UID for
their account. For networks, I see two possibilities. Either everybody
gets a UID for "net", which means they came across the net. Or, you could
enhance the mapping table:

    Node    His_perm    My_perm    UID
    pc0     *           *          123
    pc1     1.*         9.*        379
    ...

So that you get a UID which tells you which entry in the table was
responsible for the permission granted. I don't think a table like:

    Node    His_perm    My_perm    His_UID    My_UID
    pc0     *           *          123        456
    ...

is great, because I want to make permissions easy to share, and this
would make you add table entries for every single remote user for every
single permission.

                                                Andy
Received on Tue Jan 11 16:46:42 1994
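
The node mapping table with the UID column, worked through as an added example; it is not part of the original message and is not VSTa code. The function names, the first-match-wins order, the rule that `1.*` needs at least one component after the `1`, the refusal of nodes with no entry, and the UIDs marked "constructed" are all assumptions.

```python
# Added illustration, not VSTa source. Rows follow the tables in the message.
# UIDs 123 and 379 are from the message; the others are constructed.
MAPPING = [
    # node, his_perm, my_perm, uid
    ("pc0", "*",   "*",   123),
    ("pc1", "1.*", "9.*", 379),
    ("pc1", "2.3", "5.7", 9001),   # constructed UID
    ("pc1", "*",   "2.2", 9002),   # constructed UID
    ("pc2", "*",   "2.2", 9003),   # constructed UID
]


def parse(perm):
    """Split a dotted ID such as '1.3' into ['1', '3']; reject malformed input."""
    parts = perm.split(".")
    if any(not p.isdigit() for p in parts):
        raise ValueError("malformed permission: %r" % perm)
    return parts


def match(pattern, perm):
    """Return the components covered by a trailing '*', or None if no match."""
    pat = pattern.split(".")
    if pat[-1] == "*":
        prefix = pat[:-1]
        # Assumption: '1.*' needs something after the '1'; bare '*' takes all.
        if perm[:len(prefix)] == prefix and len(perm) > len(prefix):
            return perm[len(prefix):]
        return None
    return [] if pat == perm else None


def rewrite(target, tail):
    """Build the local ID: a trailing '*' in the target is replaced by tail."""
    tgt = target.split(".")
    if tgt[-1] == "*":
        return ".".join(tgt[:-1] + tail)
    return target


def map_remote(node, his_perm, table=MAPPING):
    """First matching row wins; returns (my_perm, uid) or None (no access)."""
    perm = parse(his_perm)
    for row_node, pattern, target, uid in table:
        tail = match(pattern, perm) if row_node == node else None
        if tail is not None:
            return rewrite(target, tail), uid
    return None
```

Row order matters here: moving the `pc1 *` row above `pc1 1.*` would collapse every pc1 permission to 2.2.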
