Unix files should have both real and effective ids for files too

Anthony DeBoer adeboer at gjetor.geac.COM
Wed Dec 12 07:47:35 AEST 1990


In article <PCG.90Dec10191750 at odin.cs.aber.ac.uk> pcg at cs.aber.ac.uk (Piercarlo Grandi) writes:
>Note that having real and effective id for files too also solves the
>problem of protection and accounting for space for protected subsystems
>like Ingres or LPD, which currently have three equally unpalatable
>choices: if they hold the files entrusted to them under the user's id
>they must run either as root or must make them readable/writable to
>everybody to be able to access them; if they change ownership to
>themselves then the user can no longer access them and also does not pay
>for the space it occupies.

There's a fourth choice: give the subsystem a group ID of its own.  The files
in the queue would remain owned by their original owner, but the GID would be
"lp" or whatever, and the permissions 660.  The directory itself would be
owned by lp, or even by root with GID=lp, with permissions either 775 or 770
depending on whether it is necessary to prevent users from tampering directly
with files that are already enqueued.  The appropriate utilities (i.e. the
spooler, the "cancel" command, and so forth) would run setgid.
-- 
Anthony DeBoer - NAUI #Z8800                           adeboer at gjetor.geac.com 
Programmer, GEAC J&E Systems Ltd.             uunet!jtsv16!geac!gjetor!adeboer
Toronto, Ontario, Canada             #include <std.random.opinions.disclaimer>
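As an added illustration (not part of the original post), a small Python model of the classic Unix access check applied to the layout described above: the job file owned by its submitter with group "lp" and mode 660, and the spool directory owned by lp with mode 770 or 775. It shows what each directory mode changes for the job's owner, for another user, and for either of them running inside a setgid-lp utility. The uids, gids and the user names "alice" and "bob" are constructed for the example.

```python
from collections import namedtuple

R, W, X = 4, 2, 1
Inode = namedtuple("Inode", "uid gid mode")  # mode: permission bits only
Cred = namedtuple("Cred", "uid gid")          # uid and *effective* gid

def permits(node, cred, want):
    """Classic Unix class selection: owner bits, else group bits, else other."""
    if cred.uid == 0:
        return True  # root bypasses DAC (file x-bit nuance not modelled)
    if cred.uid == node.uid:
        bits = (node.mode >> 6) & 7
    elif cred.gid == node.gid:
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return bits & want == want

# Constructed ids for the scenario (not real system values).
UID_LP, UID_ALICE, UID_BOB = 7, 1000, 1001
GID_LP, GID_USERS = 7, 100

# A job alice enqueued: still owned by alice (so the space is billed to her),
# group "lp", mode 660, as the post proposes.
JOB = Inode(uid=UID_ALICE, gid=GID_LP, mode=0o660)

CREDS = {
    "alice":        Cred(UID_ALICE, GID_USERS),  # alice at a plain shell
    "alice-setgid": Cred(UID_ALICE, GID_LP),     # alice inside a setgid-lp tool
    "bob":          Cred(UID_BOB, GID_USERS),
    "bob-setgid":   Cred(UID_BOB, GID_LP),
}

def evaluate(dir_mode):
    """Who can read, write or unlink alice's job under a given spool-dir mode.
    Reaching the file needs search (x) on the directory; unlink(2) needs w+x
    on the directory and nothing on the file itself (sticky bit not modelled)."""
    spool = Inode(uid=UID_LP, gid=GID_LP, mode=dir_mode)
    result = {}
    for who, c in CREDS.items():
        reach = permits(spool, c, X)
        result[who] = {"read": reach and permits(JOB, c, R),
                       "write": reach and permits(JOB, c, W),
                       "unlink": permits(spool, c, W | X)}
    return result

if __name__ == "__main__":
    for mode in (0o770, 0o775):
        print(oct(mode), evaluate(mode))
```

With 775 the submitter can still rewrite her own enqueued file directly, while 770 forces every access through the setgid tools; note that inside such a tool any user reaches every job's group bits, so the tool itself must check job ownership before acting on a job.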