goldfain@osiris.cso.uiuc.edu (12/03/87)
Okay, we've kicked the "write-permission vs. rm" issue around for a while.
What do people think of the idea of having a "delete permission" bit in
addition to the 3 unix permissions of read, write, and execute ?
One way to protect important files from "rm" would then be to deny this
permission. I realize most systems don't make this distinction, since to the
programmer's mind, write permission and delete permission are about
equivalent. What this discussion has highlighted however, is that there is a
subtle difference. Programmers do not often trash important files while
editing them. If they do, most good editors have automatic backup schemes
that allow the programmer to recover from his error. And even at the worst,
only one file is usually zapped in this way (and after that NONE for quite a
period of time, right?) But a wayward character on file-management level
commands can trash immense amounts. So in practice there is a difference.
- Mark Goldfainrick@svedberg.UUCP (12/07/87)
In article <10300004@osiris.cso.uiuc.edu>, goldfain@osiris.cso.uiuc.edu writes: > > What do people think of the idea of having a "delete permission" bit in > addition to the 3 unix permissions of read, write, and execute ? > One way to protect important files from "rm" would then be to deny this > permission. I realize most systems don't make this distinction, since to the > programmer's mind, write permission and delete permission are about > equivalent. What this discussion has highlighted however, is that there is a > subtle difference. Programmers do not often trash important files while > editing them. If they do, most good editors have automatic backup schemes > that allow the programmer to recover from his error. And even at the worst, > only one file is usually zapped in this way (and after that NONE for quite a > period of time, right?) But a wayward character on file-management level > commands can trash immense amounts. So in practice there is a difference. In many non-Unix systems, there is a distinct difference between write and delete premission. On both the Prime and Unisys 1100 systems, there is a distinction made between writing and deleting a file. As you pointed out, there is a subtle difference between the two and most of the systems I have been on make this distinction. (As I remember, the old TOPS-10 also made a distinction between write access and delete access.) One other permission bit which should also be considered is the permission to change protection bits. Again, the systems I have worked with make a distinct distinction between permission to use the file and permission to change the attributes of the file. All of these considerations really come into play when you start discussing file security. In most security system, you want to make the granularity of permission as fine as possible without making it so fine as to eat your machine everytime a file is opened. The permissions which I feel are necessary are: read, write, execute, delete, and change-protection. For directories, I would add bits to allow a directory to be used but not viewed and permission to list a directory. Richard H. Miller Email: rick@svedburg.bcm.tmc.edu Head, System Support Voice: (713)799-4511 Baylor College of Medicine US Mail: One Baylor Plaza, 302H Houston, Texas 77030
jpm@beta.UUCP (James P Mcgee) (12/08/87)
One other permission that I feel is necessary for some applications is an append permission. This differs from write permission in that, while nothing that is already there can be changed, new data may be added. To add new data to a file, or directory, in Unix requires write permission. However, this also allows the user to change information that is already present, or to delete it by changing it to null. Consider a log file of system events, or a mailbox, or a bulletin board system. In each of these cases, general users (programs) must be able to add information, but should not be able to change, or in some cases, even read what is already there. Pat McGee, jpm@lanl.gov, MS B272, Los Alamos National Laboratory, Los Alamos, NM, 87545. (505) 667-4196 (FTS 843-4196)
kbe@dde.uucp (Kjeld Borch Egevang) (12/16/87)
In article <13159@beta.UUCP>, jpm@beta.UUCP (James P Mcgee) writes: > > > One other permission that I feel is necessary for some applications is an > append permission. This differs from write permission in that, while > nothing that is already there can be changed, new data may be added. > To add new data to a file, or directory, in Unix requires write permission. > However, this also allows the user to change information that is already > present, or to delete it by changing it to null. I think append and delete-rights have something in common. If you can't delete a file it shouldn't be allowed to truncate it. That would deal with e.g. redirecting with > instead of >>. Perhaps the rule could be that you could only overwrite data if you have delete-rights. Does anybody know the how the delete-rights are in VMS ? Kjeld Borch Egevang Dansk Data Elektronik Danmark UUCP: ...mcvax!diku!dde!kbe or kbe@dde.UUCP