new user id system idea.

[DARIN JOHNSON]

In article <6611 at ucbvax.ARPA>, wizard%wisdom.bitnet at WISCVM.ARPA writes:
> From: Mike Trachtman  <wizard%wisdom.bitnet at WISCVM.ARPA>
> 
> an idea for protection sceme for unix.
> 
> Note: this is not entirely thought out, any comments are welcome.
> 
> It seems to me that having only all or no privledges,
> is not quite appropiate for systems that support more than 20 users.
> 
> One would like to give teaching assitants access to make some accounts,
> have other users be allowed to do backups, have some users, be allowed
> to access certain devices, etc., w/o giving them full su privs.

I know of lots of people who hate VMS because it has to many protection
modes.  On the other hand, lots of people hate UNIX for the lack
thereof.  I would like to see something in the middle.  All of the VMS
privileges get kind of huge. (we have jokes about 
ABLE-TO-COMPILE-ON-TUESDAY privileges being added in a new version)  On
the other hand, on UNIX, you have to go and give your new system service
to the SU to get it running (suid eats up your account).  The VMS system
we have here has virtually-nil privileges for students.  This is
annoying when we could use things like mailboxes but aren't allowed to.
So if a new system were set up, people would tend to have an all or none
approach anyway.  

For universities, it would seems nice to disallow all but the most basic
permissions to introductory classes.  For example, when our system got
incredibly loaded and a certain command was 'turned off', those of us
who didn't overuse it are equally restricted as the hogs.  So something
more than just owner, group, others would be a nice change.

Oh well, enough rambling, off to work.

  Darin Johnson
  UCSD