new user id system idea.
terryl at tekcrl.UUCP
Thu May 2 04:16:50 AEST 1985
>an idea for protection scheme for unix.
>Note: this is not entirely thought out, any comments are welcome.
>One would like to give teaching assistants access to make some accounts,
>have other users be allowed to do backups, have some users, be allowed
>to access certain devices, etc., w/o giving them full su privs.
>Thus I think Unix should have more than one type of priv.
>also, I think that the group idea is not really used well at most Unix
>Installations, and should be slightly modified to deal with it.
>Lastly I think, that as a lot of software gets strange ideas, when a person
>is running as su, as to who is running, that system should be slightly changed
>also.
>Thus I suggest the following:
>1) have a three layer permission hierarchy (rather than 2 as now)
>                   root
>   |-------|--------|--------|--------|
> group   group    group    group    group
> leader  leader   leader   leader   leader
> | | | | | | | | | | | | | | | | | | |
> users and more users ..................
>with uid-0 being root
>uid 1-255 being group leaders
>and other users, having the gid coded in the hi word and user within
>the group, coded in the low word.
You sure you didn't go to Berkeley??? They did something similar
6-8 years ago with group leaders. Basically, if the user id matched the
group id, then that user was a group leader with su-like privileges for
that group only. If I remember correctly (rarely) they never did distribute
this as part of the normal UNIX* distribution.
Terry Laskodi
of
Tektronix
* UNIX IS A TRADEMARK OF YOU-KNOW-WHO
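
An added example, not part of either post: a C sketch of the uid layout in the quoted proposal combined with the per-group "su-like" check described in the reply. Assumptions not stated in the thread: uids are 32 bits with 16-bit hi and low words, leader uid N leads group N, uids that fit neither rule are rejected, and all function names and sample uids are constructed.

```c
#include <stdint.h>
#include <stdio.h>

enum role { ROLE_ROOT, ROLE_LEADER, ROLE_USER, ROLE_INVALID };

/* Assumed layout: hi word = gid, low word = user within the group. */
uint16_t uid_group(uint32_t uid)  { return (uint16_t)(uid >> 16); }
uint16_t uid_member(uint32_t uid) { return (uint16_t)(uid & 0xFFFFu); }

enum role uid_role(uint32_t uid)
{
    uint16_t g = uid_group(uid);
    if (uid == 0)   return ROLE_ROOT;     /* uid 0 is root */
    if (uid <= 255) return ROLE_LEADER;   /* uid 1-255 are group leaders */
    if (g == 0)     return ROLE_INVALID;  /* 256..65535: not defined in the post */
    if (g > 255)    return ROLE_INVALID;  /* no leader uid exists for this gid */
    return ROLE_USER;
}

/* Group a uid leads or belongs to; 0 for root and invalid uids. */
uint16_t uid_gid(uint32_t uid)
{
    switch (uid_role(uid)) {
    case ROLE_LEADER: return (uint16_t)uid;
    case ROLE_USER:   return uid_group(uid);
    default:          return 0;
    }
}

/* 1 if actor may act with su-like privilege over target, else 0. */
int may_administer(uint32_t actor, uint32_t target)
{
    enum role ar = uid_role(actor), tr = uid_role(target);
    if (ar == ROLE_INVALID || tr == ROLE_INVALID) return 0; /* fail closed */
    if (ar == ROLE_ROOT || actor == target) return 1;
    if (ar == ROLE_LEADER)  /* leaders reach only users of their own group */
        return tr == ROLE_USER && uid_gid(target) == uid_gid(actor);
    return 0;               /* ordinary users have no authority over others */
}

int main(void)
{
    uint32_t leader = 7, user = 0x0007002Au, other = 0x00080001u; /* constructed */
    printf("user: group %u member %u\n", uid_group(user), uid_member(user));
    printf("leader 7 -> own user:   %d\n", may_administer(leader, user));
    printf("leader 7 -> group 8:    %d\n", may_administer(leader, other));
    printf("root     -> leader 7:   %d\n", may_administer(0, leader));
    return 0;
}
```

The two `ROLE_INVALID` branches cover uid ranges the proposal leaves undefined; rejecting them keeps a stray uid from being read as a member of group 0 or of a group with no leader.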