Re: FSCopyObjectAsync: useless and crippled
Re: FSCopyObjectAsync: useless and crippled
- Subject: Re: FSCopyObjectAsync: useless and crippled
- From: email@hidden
- Date: Sun, 15 May 2005 09:43:21 +1000
Apple's authentication services provides a framework for
arbitrarily fine-grained control over permissions (read up on the
policies framework). The problem is that no one ever takes the
time to set it up. They just ask for authentication services for
"root" and start whacking away.
Largely because of the perceived lack of a difference - as you noted,
on Unix you're either root or a nobody. Asking for a specific
privilege might be handy if you're passing privileges around between
apps, but if it's within the same app, ultimately what you need
(whether you *want* it or not) is root, so why beat around the bush
about it? (devil's advocate again)
The other problem is that OS X / Next is built on BSD. And, like
in most Unix systems, one's permission environment (file access,
process UIDs, etc.) is based solely on your current EUID. So to
change permissions for any of the underlaying Unix APIs, you only
have one choice -- first change your EUID -- which changes the
premissions for everything your process can do. The only
alternative I see would be to dump Unix.
As I understand it Mach and BSD are on the same level in current
Darwin... Apple should probably expose the finer-grained Mach
privilege model better, and obsolete the BSD side. We're starting to
see something towards this, with ACLs in the file system at least...
Wade Tregaskis (AIM/iChat, Yahoo & Skype: wadetregaskis, ICQ:
40056898, MSN, audio/video iChat & email: email@hidden,
Jabber: email@hidden)
-- Sed quis custodiet ipsos custodes?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden