Re: About the login shell
I investigated file permissions for the Hurd a couple of years ago.
The upstream maintainer of fileutils (Michael Stone I think it was?)
told me the Hurd shouldn't bother with the extra permission bits for
the unauthenticated user since the problem would be much more effectively
solved by ACLs. He further went to tell me that fileutils (back then
in about 2000 mind you) was having ACL capabilities added to it.
Consequently, assuming ACLs have been added by now (I haven't looked
into it since) much of the work should be done and all that really
remains is adding Hurdish support for them. And maybe patching the
odd program which doesn't access the permissions interface in a
manner easily translatable into ACLs.
I thoroughly believe that ACLs would be a much cleaner solution for
this problem than an extra set of permission bits. Not only would it
incidentally solve the problem of permissions for the unauthorised
user, it would solve any more similar problems without the further
hacking an extra set of permission bits would require and also offer
MUCH more flexibility for administrators and users alike to set
permissions in precisely the way they want. Unix permission bits are
simply incapable of fulfilling the needs of many users and ACLs would
solve this annoying difficulty.
ACLs all the way is my vote.
> ACL's (Access Control Lists, for those who haven't heard the term
> before), are, theoretically, a superior form of security for an OS,
> since they allow the administrator to have more fine-grained control
> over access to the system.
> However, the only system I'm familiar with that uses them is Windows
> NT/2K/XP. In my experience, they actually make the system less secure,
> because they are much less intuitive to work with than the standard UN*X
> file permissions.
> I assume that the Hurd is sticking with the traditional UN*X model
> because most sysadmins who are used to UNIX will find this easier to
> work with. Furthermore, switching to an ACL-based model would probably
> break compatibility with traditional Unices, or at the very least,
> require a lot of work porting existing programs that depend on the UN*X
> security model.
> Of course, the flexibility of the Hurd should make it easier to build
> ACLs into the GNU system at some point in the future, should the need
> for them arise. (Can anyone with more experience than me comment on this?)