[EMAIL PROTECTED] wrote:
> > Well, you get the picture.
> >
> > This is the kind of fine-grain control that mini/mainframe programmers
> > are griping about when they say that Unix is unsuited for commercial
> > applications, rather than a lack of flashy spreadsheets.
> >
> > However, Unix never made the claims seen in my .sig: (yup, those
> > are straight quotes, in their proper context).
> >
>
> Thanks for the information. But about the conclusion that Unix
> is unsuited for commercial applications, I think there is a bit more to talk about:
>
> I think it is perfect to have this possibility to set control
> on a part of a file, but I think that can't be part of the operating system
> when we talk about a large usable OS. Let me say what I understood, then
> show me if I am wrong:
> A possibility to set access rights on parts of a file.
> I.e. some users should be allowed to read from offset n*0 .. n*100,
> some users to be allowed to write to offsets n*101 .. n*250 etc.
> But what will happen if another database engine uses text entries with
> variable-size records? Will we be forced to say: Only fixed-record databases
> are allowed on that OS?
> Or we may need a software tool which scans for the record to be read and verifies
> where the second field of the record is and looks up the access rights.
> It should be possible, but I think these tools must be part of the database
> engine, not of the OS kernel.
> On a mainframe with a proprietary OS which uses only one database
> engine, they can implement some security tools as part of the kernel, but for
> an OS usable for everything ....... I think that job can't be performed
> by the OS.
>
> Did I get something wrong?

Well, it can be performed by the OS; however, it's debatable whether
it should be.

Unix's I/O model treats everything as a sequence of bytes, with either
random access (files and block devices) or sequential access
(character devices, pipes and sockets). The OS doesn't have any notion
of fields, records etc.

This has a certain elegance, providing uniformity and simplicity, and
enabling you to do a lot of different things with a small set of
standard tools.

Unix's permission mechanism wasn't intended to cover all conceivable
scenarios, but to provide sufficient primitives to allow arbitrary
access control mechanisms to be built.

For anything more involved than the standard file permissions, a
`universal loophole' is provided by the setuid/setgid mechanism. You
make the data accessible only to some privileged user (or group), and
then implement your access control mechanism in the application.

So, it's basically a toss-up between features or simplicity. Judging
by the longevity of Unix, it would seem that simplicity wins.

--
Glynn Clements <[EMAIL PROTECTED]>
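
The setuid/setgid approach described in the message above, sketched as an added example (not code from the original post): a setgid helper opens a group-only data file, drops privilege, and enforces per-record read rules against the caller's real uid. The record size, data path, uids and rule table are constructed assumptions, and only the read side of the quoted offset scenario is covered.

```c
#define _XOPEN_SOURCE 700
#include <sys/types.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

#define REC_SIZE 16                        /* assumed fixed record size */
#define DATA_PATH "/var/lib/recdemo/data"  /* hypothetical; mode 0640, group recdemo */
struct rule { uid_t uid; long first, last; };  /* uid may read records first..last */
/* Constructed policy table; a real tool would load it from a protected file. */
static const struct rule DEMO_ACL[] = { {1000, 0, 100}, {1001, 101, 250} };
#define DEMO_ACL_LEN (sizeof DEMO_ACL / sizeof DEMO_ACL[0])

/* Decide on the real uid (the invoking user), never the effective one. */
int may_read(const struct rule *acl, size_t n, uid_t ruid, long rec)
{
    for (size_t i = 0; i < n; i++)
        if (acl[i].uid == ruid && rec >= acl[i].first && rec <= acl[i].last)
            return 1;
    return 0;
}

/* Open with the elevated group, then drop real, effective and saved ids. */
int open_then_drop(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (setregid(getgid(), getgid()) != 0 || setreuid(getuid(), getuid()) != 0) {
        if (fd >= 0) close(fd);
        return -1;                         /* never continue with privilege held */
    }
    return fd;
}

/* Copy one record into out if ruid is allowed; -1 on denial or error. */
ssize_t read_record(int fd, const struct rule *acl, size_t n, uid_t ruid,
                    long rec, char out[REC_SIZE])
{
    if (fd < 0 || !may_read(acl, n, ruid, rec)) return -1;
    return pread(fd, out, REC_SIZE, (off_t)rec * REC_SIZE);
}

int main(int argc, char **argv)
{
    char buf[REC_SIZE];
    int fd = open_then_drop(DATA_PATH);
    long rec = argc > 1 ? strtol(argv[1], NULL, 10) : -1;
    ssize_t n = read_record(fd, DEMO_ACL, DEMO_ACL_LEN, getuid(), rec, buf);
    return n > 0 && write(STDOUT_FILENO, buf, (size_t)n) == n ? 0 : 1;
}
```

Installed setgid to the group that owns the data file, the helper is the only path to the records, so the kernel's coarse file permission and the application's fine-grained rule table together give the per-record control discussed in the thread.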