Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

But imagine if you were the bank-safe owner. Shouldn't you be able to change the lock?


That would be what root is.

I think a more appropriate question would be, if the key fits, couldn't you change the lock?

Maybe, that would give you 3 abilities.

1 Lock yourself out if you please? Not terrible

2 Provide access to others, which makes sense since you already have access to the file, you could theoretically share it through other channels, you naturally cannot prevent this.

3. Lock others out. This one is less of a security risk and more of a nuisance risk.

I think the unix model is simple, maybe selinux offers more sophistication. That said the unix chown behaviour could have gone either way in terms of security, but in terms of design it makes sense as is.


> That would be what root is.

In this analogy, I think the analogue of the owner of the bank safe is the owner of the file. Unless you're envisioning the bank safe as representing all the files, rather than just one ...?


No, the bank owns and administers each safe, they lease it to you. They would be root.

UNIX ownership isn't necessarily legal ownership, files are not real property.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: