 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Invisible wrote:
> Ah, I see. (Why the heck is it called "nice" then?)
Note that "nice" is being used as a verb, as in "make this process nice."
--
Darren New, San Diego CA, USA (PST)
There's no CD like OCD, there's no CD I knoooow!
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Darren New <dne### [at] san rrcom> wrote:
> NTFS has a better permissions model than UNIX does
I like how you are comparing a file system to an operating system, like
they were the same type of thing, comparable to each other.
(One thing I really fail to understand about NTFS: Since NTFS has so
many fancy features, why doesn't WinXP support them? And by support I mean
it doesn't offer any kind of user interface to handle them, not even for
power users, who could benefit from it.
Is Vista any better in this regard? Knowing Microsoft, I wouldn't be
surprised if it wasn't.)
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Darren New <dne### [at] sanrrcom> wrote:
> Invisible wrote:
> > Ah, I see. (Why the heck is it called "nice" then?)
> Note that "nice" is being used as a verb, as in "make this process nice."
Compare to "renice", which changes the priority of an already running
process.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Warp wrote:
> Darren New <dne### [at] sanrrcom> wrote:
>> NTFS has a better permissions model than UNIX does
>
> I like how you are comparing a file system to an operating system, like
> they were the same type of thing, comparable to each other.
If UNIX permissions systems suck, you're not going to be able to write a
decent file system permissions mechanism, unless you go outside the realm of
UNIX. (E.g., SQL has a sophisticated permissions system implemented under
UNIX, but you can't access it via the normal UNIX mechanisms. The same holds
for GFS.)
Just like if your file system sucks, it doesn't matter how good your
permission system is in the OS, it's not going to work on the files. (e.g.,
FAT under NT sucks permissions-wise.)
NTFS only runs under NT/XP/Vista/etc. NTFS under UNIX has a suckful
permission system, indeed even worse than ext under UNIX. But I knew if I
said XP has a better permission system, someone would gripe about FAT under
XP being worse than UNIX, so I phrased it the way I did very carefully. The
thing holding back good permissions for a file system on Windows is the file
system (FAT sucks, NTFS is good). The thing holding back good permissions
for a file system on UNIX is the kernel (all FS's suck equally, because the
infrastructure needed just isn't in the kernel). Hence the comparison.
Unless you have an example of a UNIX file system whose permissions are
comparable to NTFS's? If you do, let me know, because that would be awesome.
> (One thing I really fail to understand about NTFS: Since NTFS has so
> many fancy features, why doesn't WinXP support them? And by support I mean
> it doesn't offer any kind of user interface to handle them, not even for
> power users, who could benefit from it.
Like what is lacking? A lot of the more sophisticated features don't make
sense to use without the backing of particular software. For example, it
doesn't make sense to provide a detailed user interface for offlined files
if you don't have any backup software installed that creates offlined files.
The only NTFS feature I'm aware of that doesn't come with some GUI built
into explorer somewhere to handle it is hard and soft links.
> Is Vista any better in this regard? Knowing Microsoft, I wouldn't be
> surprised if it wasn't.)
It depends what features you're talking about, but generally, yes.
--
Darren New, San Diego CA, USA (PST)
There's no CD like OCD, there's no CD I knoooow!
Post a reply to this message
|
|
| |
| |
|
|
From: Fredrik Eriksson
Subject: Re: Stupid question of the week
Date: 11 May 2009 15:26:08
Message: <op.utr5luhe7bxctx@e6600>
|
|
|
| |
| |
|
|
On Mon, 11 May 2009 17:58:49 +0200, Darren New <dne### [at] sanrrcom> wrote:
>> (I wonder how you get it to do the thing where it *asks* for permission
>> to do stuff?)
>
> There's a flag in the header of the executable.
Is there? I thought this was configured in the manifest.
--
FE
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Fredrik Eriksson wrote:
> On Mon, 11 May 2009 17:58:49 +0200, Darren New <dne### [at] sanrrcom> wrote:
>>> (I wonder how you get it to do the thing where it *asks* for
>>> permission to do stuff?)
>>
>> There's a flag in the header of the executable.
>
> Is there? I thought this was configured in the manifest.
I was sloppy. I should have said "it's a flag in the metadata in the
executable". Better? :-)
--
Darren New, San Diego CA, USA (PST)
There's no CD like OCD, there's no CD I knoooow!
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Darren New wrote:
> Unless you have an example of a UNIX file system whose permissions are
> comparable to NTFS's? If you do, let me know, because that would be
> awesome.
There ARE ACL systems for Unix.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Nicolas Alvarez wrote:
> Darren New wrote:
>> Unless you have an example of a UNIX file system whose permissions are
>> comparable to NTFS's? If you do, let me know, because that would be
>> awesome.
>
> There ARE ACL systems for Unix.
Yes, but still based on the UID, on root having all access, and so on. And
as far as I can tell, no per-file encryption, no inherited permissions.
For example, when I can unplug a USB drive off one Unix system and plug it
into a different one and Fred (uid 1002) can't get to Jane's files (also uid
1002) on the USB drive, I'll be pleasantly surprised. Is there anything
already in Linux or whatever to make that work?
Does the Linux equivalent of "active directory" (which was Kerberos last I
looked) interact with the local file system well?
--
Darren New, San Diego CA, USA (PST)
There's no CD like OCD, there's no CD I knoooow!
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Darren New wrote:
> For example, when I can unplug a USB drive off one Unix system and plug
> it into a different one and Fred (uid 1002) can't get to Jane's files
> (also uid 1002) on the USB drive, I'll be pleasantly surprised. Is there
> anything already in Linux or whatever to make that work?
Windows does this by assigning to every PC and every domain a large
random number which is hopefully "unique". Every user account created on
a specific PC has that PC's number as part of the account number.
Similarly, every domain user account has the domain number as part of
the account number.
If, by some freak of nature, two machines had the same ID, you could
indeed to weird stuff like what you're suggesting. It's just rather
unlikely. (Cloning a harddrive image and forgetting to randomise the ID
afterwards is about the only way...)
> Does the Linux equivalent of "active directory" (which was Kerberos last
> I looked) interact with the local file system well?
Last I checked, Active Directory uses the (pre-existing) Kerberos
network protocol for authentication.
As I understand it, Kerberos defines the wire protocol for how an
arbitrary client connects to an arbitrary server and authenticates
itself. What kind of security model you build using this is completely
up to you.
In the case of MS, they built the domain model. [Or, more exactly, took
their existing domain model and replaced the horribly broken LANMAN
subsystem with Kerberos.]
Kerberos says nothing about what happens on the local machine. The MS
domain security model does.
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Orchid XP v8 wrote:
> Kerberos says nothing about what happens on the local machine. The MS
> domain security model does.
Right. And my basic question there was whether the UNIX stuff underlying the
kerberos can distinguish uid 1002 on one machine from uid 1002 on another
machine.
--
Darren New, San Diego CA, USA (PST)
There's no CD like OCD, there's no CD I knoooow!
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
