user-defined groups

David Ascher da at cs.brown.edu
Thu Mar 21 03:04:36 AEST 1991


In article <1991Mar20.045739.27136 at mp.cs.niu.edu> rickert at mp.cs.niu.edu (Neil Rickert) writes:

   In article <DA.91Mar19232007 at igor.cs.brown.edu> da at cs.brown.edu (David Ascher) writes:
   >I suspect that when people want to share files, they tend to go
   >overboard in the wrong direction: give _everyone_ read access.

    Why is that going overboard?  Most files do not contain sensitive information,
   so there is no reason for them not to be publicly readable.

In such cases, I agree, this isn't going overboard.  But the whole
concept of rights assumes that some files need to be protected.  I am
looking for opportunities to make this more flexible, that is all.
What's more, whereas most files do not contain sensitive information,
there are lots of executables which shouldn't be run by people who
don't know what they do...

   >A more flexible group management scheme seems needed in the world of
   >NFS-mounted networks of workstations with hundreds of users.  I'd like
   >to know what, if anything, is wrong with the following scheme:

    For the kind of joint project you are talking about, I don't think your
   world of 'networks of workstations with hundreds of users' is realistic.
   Try a world of 'networks of hundreds of workstations, each with one or two
   principal users.'  For this type of setup, where the principal users
   probably have root access to their own workstation, your solution is
   far too complex.

Well, I was actually thinking of something like the Brown Computer
Science network, where there are a couple of hundred workstations all
NFS-linked, with say, >300 users, but only a few people (sysadmins)
have root access.  This setup is quite appropriate in a system where
users don't have "their" workstation, but can use any one of hundreds.

So:  1.  Why would someone not like the idea of user-defined groups?
     2.  What are the security flaws in the system I have described?


--
== David Ascher -- Brown University, Providence RI 02912 
==  Internet:      dascher at brownvm.Brown.EDU (Internet)
==  UUCP:          uunet!brunix!da
==  Bitnet:        dascher at brownvm


