Norbert Nemec <[EMAIL PROTECTED]> writes: > Make the files world-readable and have a anonymous guest-account on your > system - alas, you have exactly the same effect.
Not if I want to have some files which I want to be readably by any of the ordinary users, but not by guests. You could say that I have to use something like ACL:s to do that. But I think that guests are such a special case that it is reasonable to let the system be aware of the distinction between users and guests (more on this below). > OK, there is the alternative between introducing a more complex group system > or setting a forth set of permission bits correctly for the whole system. > The non-logged-in permissions will have to be set by the package > maintainers, but if we really need that functionality offered by the default > Debian system, we could just as well make a more complex group system part > of the policy. I think you will find that quite difficult. It would take a draft of such a system to convince me otherwise. > Yes: you will need to patch about every file manager that exists out there > that handles permissions in any way. mc, kfm, emacs, git, probably tons > quite a list of other programs. Well, I don't see it as a big problem if just some of the file managers know about the extra bits. It's quite important that tools like find know about them, though. BTW, you have a similar situation on systems with ACL:s, but I don't think that causes any big problems. > The question is not whether the concept of the non-logged-in user has any > drawbacks - it simply is quite an overkill for something that can be handled > by the existing user/group system just as well, a lot easier and much more > flexible and compatible. Ordinary users are individuals (or special system services), that are *identified* by their user name or uid. So it is reasonable for tools to assume that to be true for all users. The guest account violates this principle, so whenever a tool makes this assumption, the guest account becomes a security problem. Do you know of any reasonably secure Unix system that has an enabled guest account? I don't but perhaps I'm just ignorant. I believe it is too much work to make a guest account secure to make it a serious alternative. /Niels
