group id's and UNIX protection

utzoo!decvax!ucbvax!unix-wizards utzoo!decvax!ucbvax!unix-wizards
Tue Oct 20 05:18:39 AEST 1981

>From ihnss!cbosg!cbosgd!mark at Berkeley Tue Oct 20 04:49:28 1981
I see at least two problems with Walton's proposal.  First, if you are
using UID's only for accounting and GID's for personal file security,
then each user has to have his own group.  Adding in real groups, there
have to be more groups than users.  This eliminates the obvious implementation,
namely having 32 groups, one bit per group in a GID word.  You would have
to allow at least 2048 groups, probably 4096.  That's .5K of memory added
to each user structure.  The alternative, keeping a list, is ugly and
probably inefficient.

Second, it doesn't solve the problem of source file protection.  A typical
system that has read its Bell License and wants to live up to it finds
itself in the following boat:  there is one class of users who is always
working on programs in /usr/src and needs write permission in that
directory and its subdirectories all the time.  There is another class of
users who needs read permission but whom you don't want to give write
permission.  Then there are the run of the mill users (especially uucp)
that aren't allowed any access to the sources at all because they might
steal them and violate the license.

This second problem can be solved neatly, however, by noting that current
files have UID and GID protection fields.  Since UID's aren't used for
security any more, you throw out this field.  Or do you?  Why not just
make it a second GID field?  Then you would have two gid fields, call
them primary and secondary - you try the primary and if that doesn't
match any current GID you try the secondary.  Primary might have more
priveledges, such as write permission.

More information about the Comp.unix.wizards mailing list