On Wed, May 22, 2002 at 05:32:10PM +0200, Tobin Fricke wrote: > > > I think your idea that a GNU System shouldn't allow the sysadmin to limit > the freedoms of the users is pretty ridiculous. After all, it's the > sysadmin who owns the machine, pays for the network connection, is > responsible for network traffic originating at the machine, etc... > Certainly if a sysadmin WANTED to give users free reign of the machine, > that's fine... but they're certainly under no obligation to do so.
The sysadmin will likely be able to limit reasonable things like network bandwidth and disk space (although those limitations need to be implemented on a lower level) However, unreasonable things like mounting your own local/remote filesystems won't have any restrictions. It has always been done in UN*X but only for technical reasons, but there's no other point into disallowing users to mount a filesystem for example. Security is not compromised, you're just modifiying a file/device you have access to. If the sysadmin doesn't want you to modify the root filesystem (as usual ;), just set /dev/hd0s2 permissions to 600. Or he/she could want to allow reading to the root group, then set it to 640. Limitations are where you want them to be, they just need to be implemented in the kernel AFAIK (normal users can't set a storeio translator for hd0s2) But if you're a user and want to build a filesystem image for redistribution, there's no reason for the admin to stop you on that. In fact it's impossible to stop you, because you can write a userspace utility that does the necessary modifications, or you could even take components from the Hurd to accomplish that, and run them as normal user on top of GNU/Linux. In that sense the Hurd doesn't take limitations away, it just provides you with tools that override some practical limitations that can't be strictly considered as such. cheers, -- Robert Millan "5 years from now everyone will be running free GNU on their 200 MIPS, 64M SPARCstation-5" Andrew S. Tanenbaum, 30 Jan 1992 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]