non-superuser chown(2)s considered harmful

Rahul Dhesi dhesi%cirrusl at oliveb.ATC.olivetti.com
Mon Dec 10 13:05:22 AEST 1990


Apart from the many detailed differences between System V (Release 3)
and 4.xBSD, there is a fundamental difference in philosophy that some
of you may be missing.

The design of System V assumes a small, isolated system with few
users and any networking limited to UUCP.

The design of BSD assumes a bigger system with many users and
connectivity between machines using (usually) TCP/IP on high-speed
links.

On the sort of small, isolated system for which System V is designed,
the ability to chown files away without restriction, and the absence of
any disk quota or inode quota mechanism, does not cause a serious
problem.

However, consider a UNIX system with 1,000 or more users.  In the
absence of reasonable resource quotas, the administrator would have
time to do little else but track down culprits involved in deliberate
or accidental denial-of-service incidents.  Hence the greater
restrictions such as a restricted chown, as well as more powerful and
flexible access control mechanisms such as disk quotas, multiple group
memberships, and soft and hard limits on memory and CPU usage.

Those of you who use only BSD-derived systems shouldn't try too hard
to understand the System V user's point of view -- it will be quite
strange to you, almost like trying to understand the unusual practices
of a foreign country.  Similarly, those of you who use only System V-
derived systems should be prepared to accept what BSD users say without
understanding just why they say it.
--
Rahul Dhesi <dhesi%cirrusl at oliveb.ATC.olivetti.com>
UUCP:  oliveb!cirrusl!dhesi


