Norbert Nemec <[EMAIL PROTECTED]> writes: > The forth permission set, on the other hand are very specific > solution for a specific problem. Instead of generalizing the concept > of users and permissions in any way, this solution looks more like a > quick hack at a point where the developers did not have a > revolutionary idea.
There's actually an idea behind this that might be "revolutionary", at least compared to Unix. On Unix, each process has a current uid (except for some privileged processes, that can have a saved and an effective uid and generally switch back and forth to any uid it likes). On Hurd, a process can have any non-negative number of uid:s. A single uid might be the common case, but su can add other uids to a process while it's running. And processes with no uid:s at all (the login shell being just one example) is also possible. Now, when a process with n uid:s tries to open a file, you have to figure out if it is authorized to do that. If the process has some uids and gids, the process's rights are the union of the rights of each uid and gid. But what about the empty case: proceses with no uids at all? There are at least three alternatives: Deny all accesses. Or apply the "other"-bits, as if the process actually had some random unrelated uid (say, guest or nobody). Or add some extra bits to let the owner of the file choose the behaviour. (I hope I got the details right. I've been following the lists for a while, but I haven't read or written the code). /Niels
