Re: Thinking outside the box on file systems

From: Kyle Moffett
Date: Wed Aug 15 2007 - 12:59:10 EST


On Aug 15, 2007, at 12:02:41, Marc Perkel wrote:
> Kyle, thinking further outside the box, files would no longer have owners or permissions. Nor would directories. People, groups, managers, and other objects will have permissions. One might tag a file with the object that created it so you could implement "self" rights which might be used to replace the concept of /tmp directories.

Well, that's actually kind of close to how SELinux works.

This is the real fundamental design gotcha:
Our current apps *AND* admins speak "UNIX" and "POSIX". They don't speak "MarcPerkelOS" (or even "SELinux"). As long as there is not a reasonably-close-to-1-to-1 mapping between UNIX semantics and your "outside the box" semantics, the latter can't really be used. It would just involve rewriting too much code *AND* retraining too many admins from scratch to make it work. Hell, even Windows and Mac have moved towards a UNIX-like permissions system, precisely because it's a simple model which is relatively easy to teach people how to use. ACLs are just a slight modification of that model to allow two things:
(A) Additional user/group permissions
(B) Default permissions for new child files/dirs/etc

People are having a huge problem with SELinux permissions as is, and portions of that are a fairly standard model that's been worked over in various OSes for many years. I seriously doubt that anything that far "outside the box" is going to be feasible, at least in the near term.

Good new filesystem developments are likely to be ones which preserve the same outer model, yet allow for deeper/more-powerful control for those users/admins who need it.

Cheers,
Kyle Moffett
