bstempleton@watmath.UUCP (Brad Templeton) (08/07/83)
With more and more people running UNIX (TM of BTL) on their very own machine, I think we need to do another evaluation of permission schemes. Essentially, the problem is that you want full power (i.e. root) on your machine, but you also want to protect yourself from dumb mistakes, and you want to make file permissions mean something. It's quite annoying to have to be switching back and forth between su and yourself, although job control makes this a bit easier.

My idea here is to make a modification to the shell so that the user can put it in "root shell" mode. In this case, the shell runs as root, but whenever it forks a command, it setuids to some chosen innocuous user. Thus as far as the user is concerned, he is not root. (This means you have to fork even things like echo and other built-ins, as well as forking before opening redirection files.) If the command line has the word "root" or "su" or whatever on the front of it, however, the setuid is not done and everything proceeds with full power. I.e.:

    $ rm file
    rm: file not removed
    $ root rm file
    $ root                  (no argument, no password ever requested)
    # (now you can do a long list of root things)
    ^D
    $ echo hi >/etc/passwd  -- permissions denied

The idea being that su has a password, but you never want to type it more than once. This could be done with a setuid program but this is faster and more secure.

Another system that doesn't require the forking for normal commands is to create a half-baked root (uid 1) which has the one special power to do a setuid(0) to do what it wants. This requires kernel mods, however.

Has anybody ever done this?
--
Brad Templeton - Waterloo, Ont. (519) 886-7304
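A sketch of the "root shell" mode described in the post, added here as a worked example; this is not Brad's code and not part of the original message. It runs as root, forks every command line, and has the child drop to an innocuous uid/gid before it opens any redirection or execs anything, unless the line begins with the word "root"; "root" alone gives an interactive root shell that you leave with ^D. Two things are assumptions not in the post: the innocuous uid/gid come from the hypothetical ROOTSH_UID/ROOTSH_GID environment variables (defaulting to 65534, "nobody" on many systems), and commands are handed to /bin/sh -c rather than parsed by the shell itself. It also drops the gid and supplementary groups, which the post does not mention but which a real privilege drop needs, and checks that setuid(0) fails afterwards so a half-done drop is caught instead of silently running as root.

```c
/*
 * rootsh.c: toy "root shell" (added example, not Brad Templeton's code).
 * Run as root.  Each command line is forked; the child drops privileges
 * BEFORE /bin/sh opens any redirection file or execs the command, unless
 * the line starts with the word "root".  "root" on its own execs an
 * interactive root shell, which ^D leaves.
 *
 * Assumptions (not from the post): ROOTSH_UID / ROOTSH_GID are
 * hypothetical environment variables naming the innocuous user, defaulting
 * to 65534 ("nobody" on many systems); commands go through /bin/sh -c.
 */
#define _DEFAULT_SOURCE
#include <ctype.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define ROOT_WORD "root"

/* Returns 1 if the line starts with the whole word "root" ("rootkit ls"
 * does not count) and sets *rest to the command after it, possibly the
 * empty string; otherwise returns 0 and *rest is the line itself with
 * leading blanks stripped. */
int parse_line(const char *line, const char **rest)
{
    size_t n = strlen(ROOT_WORD);
    while (isspace((unsigned char)*line))
        line++;
    if (strncmp(line, ROOT_WORD, n) == 0 &&
        (line[n] == '\0' || isspace((unsigned char)line[n]))) {
        line += n;
        while (isspace((unsigned char)*line))
            line++;
        *rest = line;
        return 1;
    }
    *rest = line;
    return 0;
}

/* Permanently drop to uid/gid.  Order matters: supplementary groups and
 * the gid go first, because once setuid() has moved to a non-root uid the
 * process can no longer change its groups.  Returns 0 on success, -1 on
 * any failure, including a drop that could be reversed. */
int drop_to(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* A real drop means root cannot be regained. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* Fork; in the child drop privileges unless the line was prefixed with
 * "root", then exec.  Returns the child's exit status, or -1. */
int run(const char *line, uid_t uid, gid_t gid)
{
    const char *cmd;
    int privileged = parse_line(line, &cmd);
    pid_t pid = fork();
    int status;

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (!privileged && drop_to(uid, gid) != 0)
            _exit(126);             /* never run anything if the drop failed */
        if (privileged && *cmd == '\0')
            execl("/bin/sh", "sh", "-i", (char *)NULL);   /* "root" alone */
        else
            execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

static unsigned long env_id(const char *name, unsigned long dflt)
{
    const char *v = getenv(name);   /* hypothetical variable, see above */
    return v ? strtoul(v, NULL, 10) : dflt;
}

int main(void)
{
    uid_t uid = (uid_t)env_id("ROOTSH_UID", 65534);
    gid_t gid = (gid_t)env_id("ROOTSH_GID", 65534);
    char line[4096];

    for (;;) {
        fputs("$ ", stdout);
        fflush(stdout);
        if (!fgets(line, sizeof line, stdin))
            break;
        line[strcspn(line, "\n")] = '\0';
        if (*line)
            run(line, uid, gid);
    }
    return 0;
}
```

Because the drop happens in the child before /bin/sh runs, a line like `echo hi >/etc/passwd` has its redirection opened as the innocuous user and fails, which is the behaviour the post asks for; the parent keeps uid 0 and never needs a password for the next `root` line.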