[TUHS] History of chown semantics
John Cowan
cowan at mercury.ccil.org
Tue Jan 14 04:16:35 AEST 2014
SZIGETI Szabolcs scripsit:

> Well, with the same reasoning, we don't need passwords or protection
> bits on files, since I can always take a piece of steel pipe and beat
> the owner, until he gives out the data, so why bother?

More like beating my argument with a pipe than the owner.

> Blocking chown for general users is one level of several controls.

Its specific purpose was to make per-user quotas practical, but since
per-user quotas are as dead as the dodo, it no longer serves any known
purpose. Yes, it blocks a particularly crude substitute for MAC in the
now-unusual case of true timesharing as opposed to single-user clients
and single-purpose servers. But really it is nothing but security by
ceremonial. A better case could be made that it should require root
privilege to perform chmod, or at least any chmod that widens access.

--
You are a child of the universe no less         John Cowan
than the trees and all other acyclic            http://www.ccil.org/~cowan
graphs; you have a right to be here.            cowan at ccil.org
  --DeXiderata by Sean McGrath