OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Scalability metrics?
From: James Youngman (jaygnu.org)
Date: Sun Feb 13 2000 - 15:53:35 CST


Bennett Todd <betrahul.net> writes:

> 2000-02-12-18:34:29 Brad Knowles:
> > IMO, the entire concept of actually using something like
> > separate uids for each and every mailbox is just totally and
> > completely alien to me. There is *nothing*, in any ISP operation
> > I have ever personally witnessed, where this sort of approach
> > would seem to make sense.
>
> In my humble opinion, which isn't backed with the real world
> experience your opinion is backed with, failing to use a separate OS
> UID for each user, and coming up with your own custom database, with
> its own internal concept of uids, and its own internal protection
> model, is a pretty rude design, only justifiable while you're having
> to use OSes that don't support enough distinct uids for your user
> community. As long as OSes are available that implement a large
> enough uid space --- either because we've got smaller problems, or
> because we can get OSes that handle 32-bit uids (seems to be
> increasingly common these days) I would definitely want to hand out
> one to every user. Whether they can interactively log in or not.

I'm not so sure that the situation is quite so clear cut. For
example, Samba is careful to try to cut down the amount of UID
switching it does. Presuably (!) this is because of a measurable
performance impact somewhere.

Secondly, if your code needs to be able to switch to an arbitrary
user, it needs to run as root. If it doesn't, it can run as an
ordinary user. There are security advantages to this also.

> The job an OS is there to perform is to manage the resources of the
> system. Whether it's permissions, or quotas, or auditing, or making
> possible specific permitted modes of inter-user data sharing, the
> more features a custom single-uid mail store gets implemented, the
> more of the job it has done of re-implementing the OS.

True. However, a general OS feature that works well for N users may
not always scale well to Brad's 100N users.

The processing time for "ls" is, I concede, a bit of a limp example,
but I much less certain, for example, how well Unix file quota systems
scale to 10^6 users on a single system...

-- 
James Youngman
Manchester, UK.  +44 161 226 7339