l4-hurd

Re: What's in a group?


From: Jonathan S. Shapiro
Subject: Re: What's in a group?
Date: Sun, 19 Mar 2006 22:15:17 -0500

On Sun, 2006-03-19 at 19:33 -0500, Michael D. Adams wrote:
> On 3/19/06, Marcus Brinkmann <address@hidden> wrote:
> > At Sun, 19 Mar 2006 17:58:16 -0500,
> > Thomas Schwinge <address@hidden> wrote:
> > >
> > > On Sun, Mar 19, 2006 at 11:17:48PM +0100, Marcus Brinkmann wrote:
> > > > But what corresponds to the Unix group concept?  I have identified two
> > > > semantic uses for a "group":
> > > >
> > > > 1) Sharing information and authorization.  I.e., allow communication
> > > >    among users of the same group.
> > > >
> > > > 2) Provide durable storage that is not associated with any particular
> > > >    member of the group.
> 
> What if I have secret surprise party plans for John who works on the 5th
> floor and everyone on that floor is invited.  Everyone in the
> 5th_floor group should be able to read them *except* for John.  I
> could make a group 5th_floor_except_john...

I think that we are getting led astray here.

First, I think that Marcus has the semantics *almost* right. He has left
out the third requirement for conventional groups:

  3) Mere membership in a group should not convey the authority to
     add a new party to the group.

We need to look at that statement and agree that it is nonsense. If I am
in a group, I can proxy for you cheaply. This is *especially* true in an
IDL-based system, where the proxy agent can be completely generic.

This means that there is no security motivation for preventing member A
from adding a new member B.

Actually, that is really a pretty nice thing, because it means that we
can reduce a group to a pair of capabilities:

  1. A capability to a source of storage, with the intention that
     this can be used by any member of the group.

  2. A capability to a directory object that holds all of the objects
     that the group needs to share.

That's it. The only part of this that potentially requires an
administrator is if this storage has to be independent of the users.

shap
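
Added example, not part of the original message: a Python model of the proxying argument above, with object references standing in for capabilities. The names `Storage`, `Directory`, `GuardedGroup` and `Proxy`, and the string caller identities, are assumptions for illustration; Python itself does not enforce capability discipline.

```python
class Storage:
    """Capability 1: a source of storage not tied to any one member."""
    def __init__(self, quota):
        self.quota, self.used = quota, 0
    def allocate(self, nbytes):
        if self.used + nbytes > self.quota:
            raise MemoryError("group storage exhausted")
        self.used += nbytes

class Directory:
    """Capability 2: a directory holding the objects the group shares."""
    def __init__(self, storage):
        self._storage, self._entries = storage, {}
    def put(self, name, data):
        self._storage.allocate(len(data))  # charged to the group's storage
        self._entries[name] = data
    def get(self, name):
        return self._entries[name]

class GuardedGroup:
    """Conventional design: only the admin may add members (requirement 3)."""
    def __init__(self, directory, admin):
        self._directory, self._admin, self._members = directory, admin, {admin}
    def add_member(self, caller, new):
        if caller != self._admin:
            raise PermissionError("only the admin may add members")
        self._members.add(new)
    def open(self, caller):
        if caller not in self._members:
            raise PermissionError("not a member")
        return self._directory

class Proxy:
    """Generic forwarder: relays any invocation to the capability it holds."""
    def __init__(self, target):
        self._target = target
    def __getattr__(self, name):
        return getattr(self._target, name)

def demo():
    store = Storage(quota=64)
    guarded = GuardedGroup(Directory(store), admin="admin")
    guarded.add_member("admin", "alice")
    try:
        guarded.add_member("alice", "bob")   # the membership rule refuses
        refused = False
    except PermissionError:
        refused = True
    bob_cap = Proxy(guarded.open("alice"))   # alice proxies for bob anyway
    bob_cap.put("plans", b"party at 5")      # constructed sample data
    return refused, guarded.open("alice").get("plans"), store.used
```

The membership rule refuses Alice's request, yet the forwarder gives Bob the same reach into the shared directory and the group's storage, which is why the group can be modelled as just the `(Storage, Directory)` pair.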




