On Fri, Nov 03, 2000 at 05:28:37PM -0500, Greg A. Woods wrote:
> 
> >  I 
> > really, really don't like the idea of implementing zillions of 
> > special-purpose "uid"s.
> 
> That's more or less irrelevant since in the Unix security model as it is
> generally interpreted and implemented the only correct solution is to
> define unique special-purposed IDs to separate out privilege amongst
> otherwise unprivileged users.  (True "privilege" is reserved for one,
> and only one, ID in Unix:  the superuser.)

I think you miss the point.  When I say that I don't like the idea of 
implementing zillions of special purpose "uid"s, it is in the context
of the previous proposal that we add a "fsuid" as we have an "euid", a
"ruid", and in some Unices a "saved set-user id".  I have no quibble
with doling privilege out to different user IDs to restrict its scope;
I *do* have a serious quibble with the half-baked notion of a "uid for
filesystem purposes", a "uid for network purposes" and so forth.  If you
really want to go *there*, a capability model would serve the same
purpose much better, I think.

Thor