Very, very true. PWB was all about introducing UNIX into the comp
centers which were all ready in existance, with big iron sitting
in them. Existing staff was tapped to run PWB as well, typically
consisted of operators, system administrators, system programmers,
program counselors, and accounting personal. None were researchers,
UNIX was a service to be provided, the goal was to keep the machines
up and running to charge for usage.
> From: <scj(a)yaccman.com>
>
> Recall that in those days, "systems administrator" was an entry level,
> minimum wage job. Most worked third shift, and their primary duties were
> to mount and dismount disc backup tapes. Those people who actually did
> administration in the sense we think of it were greatly underpaid and
> disrespected. The next decade or two, particularly with networking,
> caused a huge change. The Usenix LISA conferences did a lot to raise
> consciousness that there was a real there there.
>
so RJE first, yes as written it did require that chown() work as non-root,
as it ran as the "rje" euid and did chown() files to the user's uid, I do
not believe that was the cause of the chown() semantics change, just a use
of it. iOne could do the same thing by other means (run as root, have a
setuid 0, file owner changer, etc) if chown(2) was root only. Why did I
believe that?
in section V.
(iv) Make changes to the UNIX system only after much delibera-
tion, and only when major gains can be made. Avoid chang-
ing the UNIX system's interfaces, and isolate any such changes
as much as possible. Stay close to the Research UNIX system,
in order to take advantage of continuing improvements.
OK now lets look at a passage from VI --
A good many UNIX (as opposed to PWB/UNIX) systems are run
as "friendly-user" systems, and are each used by a fairly small
number of people who often work closely together. A large frac-
tion of these users have read/write permissions for most (or all)
of the files on the system, have permission to add commands to
the public directories, are capable of "re-booting" the operating
system, and even know how to repair damaged file systems.
The PWB/UNIX system, on the other hand, is most often found
in a computer-center environment.
So the old way, no one even really needs chown() everybody had access to
everything.
then 8.1
The first major set of reliability improvements concerned the
handling of disk files. It is a fact of life that time-sharing sys-
tems are continually short of disk space;
...
long-term tape backup copies, on the other hand, offer users the
chance to delete files that they might want back at some time in
the future, without requiring them to make "personal" copies
disk is always full, and users are discourged from making multiple copies
of f and even encourge to remove stuff you do not need right now and get
it from backup later, let alone making copies of someone else's files.
next from 8.4, while its abouttrying to solve the uid shortage
(only 256 at the time) it shows you the users' mind set, groups tended to
functionally operate as single user, but everyone still wanted a unique id.
.... depended heavily on the
characteristics of the PWB/UNIX user community, which, as mentioned
above, consists mostly of groups of cooperating users,
rather than of individual users working in isolation from one
another. Typical behavior and opinions in these groups were:
(i) Users in such a group cared very little about how much
protection they had from each other, as long as their files
were protected from damage by users outside their group.
(ii) A common password was often used by members of a
group, even when they owned distinct user-IDs. This was
often done so that a needed file could be accessed without
delay when its owner was unavailable.
(iii) Most users were willing to have only one or two
user-IDs per group, but wanted to retain their own login names
and login directories. We also favored such a distinction, because
experience showed that the use of a single login name by
more than a few users almost always produced cluttered
directory structures containing useless files.
so the group members would know each othesr passwords (but there were many
groups on the same machine) thus non-root chown() become self-service in
sharing of files between group members, without the need of system
administrator involvment. while one could give their files to someone
outside the group, it is not productive.
And then --
to improve the security of files, a few commands were
changed to create files with read/write permission for their own-
ers, but read-only for everyone else. The net effect of these
changes was to greatly enlarge the size of the user community
that could be served, without destroying the convenience of the
UNIX system and without requiring widespread and fundamental
changes
shows the need to lock down file access, which means if you are sharing
in Research UNIX you did not need to chown() files, you could
just write them, but PWB will lock it down so a different group cannot
muck with it.
Now you are going to say this could all be done with proper use of group ids
and group permissions. I agree, but in practice it was not done, as PWB
even consdidered the complete removal of gids, but only decided against it
as they would have to change too much software --
considered was that of
decreasing the available number of the so-called "group-IDs," or
removing them entirely, and using the bits thus freed to increase
the number of distinct user-IDs. Although attractive in many
ways, this solution required a change in the interpretation of
information stored with every single disk file (and every backup
copy thereof), changes to large numbers of commands, and a fun-
damental departure from the Research UNIX system during a time
when thought was being given to possible changes to that
system's protection mechanisms. For these reasons, this solution
was deemed unwise.
> From: Clem Cole <clemc(a)ccc.com>
>
> Brian - I know the paper and Mash - the 3rd author and lived the times ;-)
>
> I just don't see how having the ability to give away a file to some one
> else made it easier for anyone - system programmer or admin. The idea of
> giving a device back begs the question of how did you get ownership in the
> first place.
>
> The one thing I could think of was something like the RJE system that you
> would wanted to have made your files be owned by the RJE system, have them
> send it to the mainframe, get back information and then give the results
> back to you. If they wanted to do that subsystem with out a root style
> privilege, you would need some way to give files away.
>
> But I can think of other ways to do that without needing the chown(2) call
> to work with that semantic, so I really don't understand what it was used.
>
> To me, it does not seem to be worth much. As I said have to ask Mash if
> he remembers why it was considered a good idea.
>
> Clem
Yep, but where did the user base from PWB come from? They were
existing professional programmers from the mainframe world, still
writing for the mainframe, now sumbmitting via UNIX RJE.
Where did the sysadmins of PWB that added these users come from?
Same answer. If users are not added into the right groups, and
the users don't know (or need, care, or be able change) groups,
they don't get implemented properly.
And if you don't have gids, want to collaborate, and are discouraged
from copying, you need to do a ton of chown()s
> From: Larry McVoy <lm(a)bitmover.com>
>
> > Now you are going to say this could all be done with proper use of group ids
> > and group permissions. I agree, but in practice it was not done
>
> Bzzt. We have a solution, they should have used it.
>
it follows the philosophy of pwb -- a usable system for disparate small groups
of developers on the same hardware that could be managed by admins not
system programmers.
read http://www3.alcatel-lucent.com/bstj/vol57-1978/articles/bstj57-6-2177.pdf
for the flavor of that time, and you'll understand better.
> From: Clem Cole <clemc(a)ccc.com>
>
> Brian - right as I showed in the code snippet from V6 and PWB. The idea
> came into being with PWB.
> The question that is still open is why was it added/need in the first
> place? I always thought is was a crazy/miss feature,
>
> I think the argument is that if you owned the file, you should be allowed
> to give it to anyone else [including root] - but that actions opens up a
> number of issues (you pointed the big security one that was handled by
> and-ing off the SUID/SGID bits). There are accounting issues as well as
> the practical one that Tim and I pointed out with importing of files on a
> tape.
>
> As I said, the file give-away feature comes into UNIX with PWB, so I would
> ask Mash is he remembers why it was needed and why the SVID folks wanted
> it. As I said, I personally found it not useful/a bad idea/miss-feature.
> I remember that I soon after I learned about it/got bitten by the side
> effect, I ran into dmr and srb at a USENIX and asked them about that a few
> other System III features that I found a little strange. I don't remember
> much of the conversation. But, if there are been a "good" reason I think
> I would have remembered it and not always thought it to be a bad idea.
>
> Clem
Indeed, research Unix never allowed ordinary users to
change a uid. And even in the first edition, the superuser
was not allowed to do so on set-uid files, presumably to
prevent inadvertent laying of cuckoo eggs. The v6 note
about interaction with accounting reflected field
experience with the overly liberal stance of other Unixes.
non-su chown worked in pwb, if the caller owned the file. code had to be
added then to the system call to strip the setuid/setgid bits if you were
not su, for obvious security reasons. you didnt see that bit stripping
in, say the v6/v7 code.
> From: Tim Bradshaw <tfb(a)tfeb.org>
>
> Sorry if this is off-topic but I bet someone here will know.
>
> I recently had a significant surprise when I discovered that on HP-UX ordinary users can still give away files. Various of us who remember fairly old Unixes then sat around trying to remember which systems had this and where it came from: getting it almost entirely wrong, it turns out.
>
> What we remembered was that it came from BSD, but this seems to be entirely wrong. It looks like it originated with System III / V, and perhaps was imported from there into some SunOS (possibly it was in all versions before Solaris?) which is why we remember it as being in BSD. It must have been in some 80s system or we would not remember it. POSIX still allows it but clearly reluctantly.
>
> So the questions are: (a) did it originate in System III or does it go back further than that, and (b) was it in the BSD-derived SunOSes or are we just making that up?
>
> And I guess: who thought this was a good idea?
>
> Thanks
>
> --tim
OK, let me try this one more time with links to get around the
restrictions on the message size.
I was cleaning out my basement and I
found a box of stuff from my office at BRL (where I left in 1987).
Most
of it was buttons I'd picked up at trade shows and SF cons (I had a
fabric partition next to my desk that I had them all stuck to.
Of
course in the box (among a couple of later editions) was Armando's
original UNIX license (note no reference to DEC):
Also in the box were
some buttons from various UNIX conferences. I particularly remember the
Sex, Drugs, and Unix one. Some of you will also remember the year I was
giving out the No Ada shirts. There's a picture of dmr wearing one
floating around somewhere.
Sun was giving out these one year:
Peter
Langston thought this was a little conceited on Bill Joy's part, so the
next show he arrived with buttons to hand out that said things like "The
psl of UNIX" and "The dmr of UNIX". I had a "The ron of UNIX" somewhere
but I couldn't find it in the box.
Finally there was this wooden
nickle courtesy of Bill Yost...
> The wikipedia description
> <http://en.wikipedia.org/wiki/CAT_(phototypesetter)>
> seems pretty accurate although I have never seen the beast myself.
I can confirm the wikipedia description. At Bell Labs, however, we
did not use paper tape input. As soon as the machine arrived, Joe
Ossanna bypassed the tape reader so the C/A/T could be driven
directly from the PDP-11. The manufacturer was astonished.
The only operational difficulty we had was with the separate
developer. If you didn't hand feed the end of the paper perfectly
straight into that machine, the paper would tear. Joe Condon
fixed that by arranging for the canister to sit on rollers so
it could give when the paper pulled sideways.
The first technical paper that came off the C/A/T drew a query
from the journal editor, who'd never seen a phototypeset
manuscript before: had it been published elsewhere?
Doug
> Didn't the BSTJ get phototypeset on your typesetter??
Not that I know of. But Charlie Brown's office did use it.
Brown, the CEO of AT&T, did not like wearing reading glasses
when he made a speech, so his speechwriters produced the
text in large type. Once they were into document preparation
they began to use our machine for other things. When I
discovered that confidential minutes of AT&T board meetings
were in our file system, I told them the facts of life
about computer security, especially at the center of the
UUCP universe, and persuaded the executive suite to get
its own machine.
Doug
the one at WH was directly connected to a vax 11/780, no paper tape either.
so that now finally explains why /dev/cat was write only, it was substituted
for a paper tape reader. it was always a curiosity that you could write
to it, yet never read it (i.e. get a status). a "cat /dev/cat" would
get you a "cat: cannot open /dev/cat" while a "cat /some/file > /dev/cat"
would succeed, but act like you used /dev/null instead
(as /some/file was not valid phototypeseter input)
> From: Doug McIlroy
>
> > The wikipedia description
> > <http://en.wikipedia.org/wiki/CAT_(phototypesetter)>
> > seems pretty accurate although I have never seen the beast myself.
>
> I can confirm the wikipedia description. At Bell Labs, however, we
> did not use paper tape input. As soon as the machine arrived, Joe
> Ossanna bypassed the tape reader so the C/A/T could be driven
> directly from the PDP-11. The manufacturer was astonished.
>
> The only operational difficulty we had was with the separate
> developer. If you didn't hand feed the end of the paper perfectly
> straight into that machine, the paper would tear. Joe Condon
> fixed that by arranging for the canister to sit on rollers so
> it could give when the paper pulled sideways.
>
> The first technical paper that came off the C/A/T drew a query
> from the journal editor, who'd never seen a phototypeset
> manuscript before: had it been published elsewhere?
>
> Doug
>
