l4-hurd


From: Marcus Brinkmann
Subject: Re: Directories traversal (was Re: the deadly hypercube of death, or: handling permissions)
Date: Fri, 28 Apr 2006 01:54:22 +0200
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i486-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Fri, 28 Apr 2006 01:17:08 +0200,
Pierre THIERRY <address@hidden> wrote:
> 
> Scribit Marcus Brinkmann dies 28/04/2006 hora 00:54:
> > (1) The only components of the file system that are global are
> >     globally shared static files, like system-provided software
> >     packages.  Each user has their own mutable file system, that can
> >     not be accessed by any other user (unless parts of it are
> >     explicitly shared).
> > 
> > (2) The only program that usually has access to your root directory is
> >     your shell (i.e., your environment).  Applications only get access
> >     to selected files or subdirectories via the powerbox.
> > 
> > (3) You can introduce proxy-directory servers (or using the powerbox)
> >     that reduce permissions following arbitrary policies.
> 
> I can't really link this to a POSIX-like system, which I suspect we will
> support in the Hurd.

At several layers.  At the native layer, POSIX emulation will be
incomplete.  At a higher layer, POSIX emulation will be isolated.

> Where will these user mutable filesystems reside?

Wherever we want it to be.  It could be in the form of a union filesystem.

> IIUC, each entry of /home would be a proxy, is that right?
> 
> Do we use the same scheme for /etc and /var, where application specific
> and sensitive data can exist?

Think outside the box.  We are not talking about a Unixish system here.

Thanks,
Marcus
