We tend to forget about it these days, but the Unix permissions model was criticized for decades for being overly simplistic. One user having absolute authority, with limited ways to delegate specific authority to other users, is not a good model for multi-user operating systems. At least not in environments with more than a few users.
A well-configured sudo or SELinux can overcome this, which is one reason we don’t bring it up much anymore. We also changed the whole model, where most people have individual PCs, and developers are often in their own little VM environment on a larger server.
I agree with the critics, the Unix permission model is too basic. I’ve run into this myself doing the very difficult operation of “reusing an ext4 USB drive on another computer” because all the files were suddenly owned by a user that didn’t even exist on my laptop.
NTFS fixed this issue by having the OS generate user IDs across systems rather than reusing the same IDs and making the administrators match everything up. I don’t think selinux can fix that, though.
I welcome the extensions bringing Linux’ permission model to the 21st century, but the way they’ve all been implemented independently does cause some weird edge cases that clearly nobody has tested.
We tend to forget about it these days, but the Unix permissions model was criticized for decades for being overly simplistic. One user having absolute authority, with limited ways to delegate specific authority to other users, is not a good model for multi-user operating systems. At least not in environments with more than a few users.
A well-configured sudo or SELinux can overcome this, which is one reason we don’t bring it up much anymore. We also changed the whole model, where most people have individual PCs, and developers are often in their own little VM environment on a larger server.
I agree with the critics, the Unix permission model is too basic. I’ve run into this myself doing the very difficult operation of “reusing an ext4 USB drive on another computer” because all the files were suddenly owned by a user that didn’t even exist on my laptop.
NTFS fixed this issue by having the OS generate user IDs across systems rather than reusing the same IDs and making the administrators match everything up. I don’t think selinux can fix that, though.
I welcome the extensions bringing Linux’ permission model to the 21st century, but the way they’ve all been implemented independently does cause some weird edge cases that clearly nobody has tested.