[TUHS] History of chown semantics

[Tim Bradshaw]

On 10 Jan 2014, at 17:18, John Cowan wrote:
> 
> Blunt, I don't mind.  But an explanation would be useful.

Well, just in order.

Quotas actually don't seem to be used very much.  Instead people Greenspun it by confining applications to distinct filesystems and some kind of volume manager.  Changing a quota now consists of adding "disks" (which are of course actually chunks of space carved out of some underlying array and probably don't correspond to real disk boundaries at all) to the volume manager, and then resizing the filesystem on the fly.  If you want to reduce the "quota" you're in for hours of I/O as the FS evacuates the disks, if you can do it at all.  One day they will discover NFS over IP/ethernet with quotas.

Privilege separation is more sorted out.  People (regulators, auditors, the organisation itself) are extremely interested in knowing who can see and do what.  Root access seems to be typically pretty sorted by now (no-one has it except under some kind of auditable breakglass process) and controlling per-user access is getting tied down where it hasn't been, usually by elaborate sudo rules for the various role users (unix admin, oracle admin, business users etc).  Most of this really needs MAC, but the practical problem seems to be that the rule-based things (like sudo) implementing the access controls become so complex people can't understand them (I think the sudoers file where I work is 10,000 lines).  I think more sophisicated privilege models (which all the flavours probably have now, but in incompatible ways) would probably make the complexity worse.

Sorry, this is off-topic, although in some ways it's relevant I suppose: using a system like Unix in an environment for which it really wasn't designed leads to insane complexity.