Mailinglist Archive: opensuse (770 mails)

Re: [opensuse] Separate /usr?
Brian K. White said the following on 08/14/2012 03:49 AM:
> SCO OpenServer put home directories in /usr up until 5.0.5 or 5.0.6 but
> that was always a terrible terrible mess. I never tried to create a user
> named "lib" on a SCO box but I wouldn't be surprised if the system
> allowed it and made exactly the mess you are now imagining. I think
> there was a system user named "bin" that was not login enabled and had
> no home directory defined so that one skates by on technicalities. ;)

And there are many other entries in /etc/passwd ...
Go look.

Years ago there was a paper at a USENIX or some conference titled "Life
without root".
It showed how many subsystems could be administered without the need for
root. The paper used UUCP and mail as an example. At the time this was
dramatic but now it's the way we do it. We see it subtly today in other
ways: there are files and devices owned by, for example, lp.

Logically we could have assigned sub administrators with relevant
logins. Delegation and all that.

Logically all those binaries and libraries could be managed and updated
by someone with less than root power. Call such an entity "bin".
Change ownership of /bin /usr/bin and the files beneath.

I've seen it done. A few hiccups with setuid-root programs ...

How much like Big Iron and the way Big Iron gets administered do you
want to be?

Traditionally Big Iron had few processes that were closely monitored and
tuned because process creation and inter process communications in the
traditional model; heck even the DEC VAX-VMS that grew up after UNIX and
had Bill Joy battling with Dave Cutler over performance issues between
VMS and VAX-UNIX had lots of static processes because process creation
was expensive. Part of what was revolutionary about UNIX was that
process creation was cheap-cheap-cheap, and so the shell could create
short lived, transient programs that did something simple (and hence
weren't complex and hence could be easily debugged and proved correct)
and combined with pipes by the shell. This was revolutionary. But
there was no way that such ephemeral, evanescent entities could be tuned
the way mainframe programs were, no way that principles of resource
management and optimization and all those other techniques could - or
needed - to be applied.

But, it seems, we're giving up on that.
Many of our models are getting to be more like the traditional mainframe
as versions of UNIX/Linux move in to take over work that was once done
by mainframes.

So perhaps we will see delegated authority making use of non-root IDs to
do what used to be done by root. "Life without root".


--
Leadership is understanding people and involving them to help you do a
job. That takes all of the good characteristics, like integrity,
dedication of purpose, selflessness, knowledge, skill, implacability, as
well as determination not to accept failure. ~ Admiral Arleigh A. Burke
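
A dry-run sketch of the ownership change described in the message above, added here as an example and not part of the original post: it lists which files under a tree could be handed to a delegate account and holds back setuid/setgid files, the "hiccups" mentioned, since on Linux a chown clears those bits and a restored bit would make the program setuid to the new owner instead of root. The function names and the default delegate name `bin` are assumptions.

```shell
#!/bin/sh
# Added example: plan (but do not perform) handing a binary tree to a
# non-root owner. Nothing on disk is modified.
# Limitation: paths containing newlines are not handled.

# Regular files carrying a setuid or setgid bit. Re-owning these changes
# whose privileges they run with, so they are held back for review.
list_privileged() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Regular files with neither bit set: candidates for the delegate owner.
list_delegable() {
    find "$1" -type f ! -perm -4000 ! -perm -2000 -print | sort
}

# Print the plan as commands and comments for an administrator to review.
# $1 = directory tree, $2 = delegate account (assumed default: bin).
plan_delegation() {
    dir=$1
    delegate=${2:-bin}
    list_delegable "$dir" | while IFS= read -r f; do
        printf 'chown %s %s\n' "$delegate" "$f"
    done
    list_privileged "$dir" | while IFS= read -r f; do
        printf '# keep current owner, review: %s\n' "$f"
    done
}

# When called with arguments, print the plan for that tree.
if [ "$#" -gt 0 ]; then
    plan_delegation "$@"
fi
```

Run it as `sh plan.sh /usr/bin bin` (the script name is arbitrary) and review the output before acting on any line of it.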