You want a select group of (but not all) users to be able to write to the directories You want the web server to be able to read (and execute where applicable), but not write, and definitely not own the files. And ideally you want all other users to have no access.
OK, I think I misunderstood first time around.
You're saying you have a bunch of different groups of users to have write access, and you want a single user (the webserver) to have read access.
So, my previous solution would still work, but you just make the process that manages the import to be a different user ID than the webserver. There's no reason the web services environment needs to all run with a single user ID.
The time I run in to this problem is with running a web server, with virtual hosts and multiple users being able to edit a single site
I wouldn't use filesystem permissions for something that complex. Use CVS or at least a per-user dropbox, and let them kick off a command to tell the webserver "my new pages are ready, load them". That way you get a modicum of tracking and code management as well.
Then the users have write-access to their own directories, the webserver has read access to them all, and nobody has or needs direct write either way.
Windows is full of places like this, where yu have excessive numbers of people with write access to a shared resource that shold be managed on a per-user basis instead, just because ACLs let them get away with it. The print spool used to be that way, though I haven't looked lately... they may have wised up there by now.
And so you believe that someone with income of $3550 a year spent $60 on a copy of Office he didn't need and couldn't use just so he could play a prank on Microsoft, and the rest of the story including the attempts to return the software was somehow planned?
I think you stretch the bounds of belief just a wee bit too far.
Linux fundamentalists in general -- not just those who attack the likes of DiDio -- can be harmful to the cause they're supportting.
As I pointed out in another message in this thread... I don't use Linux, I don't really much like Linux, so there's more than just Linux fundamentalists who dislike DiDio.
And as I pointed out in yet another message in this thread, "Linux fundamentalists" are a pretty mellow bunch. The worst things they do are a lot less dramatic than you'll find in MOST Internet debates.
And as anyone who's followed Linux from the start knows, strongly held opinions are built into its genes. I think if you you could take the Linux fundamentalists out you wouldn't have Linux. So if that's important to you... just put up with them. They're a lot easier to get along with than, say, Shriners...
it's not much better when your opinion has become fueled by myopia and precious little else
I'd suggest you do a bit of research before assuming that people who don't like DiDio don't like her because of "myopia and precious little else". She's no "Sammy the Bull", but she HAS fairly earned her reputation for being Microsoft's loyal enforcer.
I had someone pissed off at me post thousands of messages accusing me of pedophile rape. There's people who go out of their way to hurt folks online, including finding their friends and employers, trying to get them fired, and in some cases succeeding... over the most trivial things. I don't know of anyone doing it because of their choice of OS yet, but Microsoft sued a kid for selling his copy of Windows and Office on eBay because he couldn't take them back... and that kind of action generates a lot nastier responses than mild name-calling.
There's a lot of really screwed up people on line. No matter what you do, you're eventually going to run into some of them. If you can't handle that, stay off the Internet.
Yeh, he got caught pulling a sophomoric stunt. Well, you know, there's a reason they call it "sophomoric". I'm one of the most straight-laced people in my circle of friends, when I was at college I was the token "right winger", and I still pulled a couple of pranks when I was that age. I just didn't get caught.
Plus...
I wouldn't be surprised to find out he uses a Mac or something else and couldn't have even used the copy of office anyway.
Well, it's pretty bad, and it sounds like ass... but if you're going to use the "speaker system" analogy, let's look at it:
Windows XP (the speakers): $199 Laptop (the car): $1000-$3000, typically under $2000.
Yeh, the "speaker system" costs 1/10th the cost of the car. And it makes my head hurt. I want it out of there AND I sure as hell don't want to pay for it.
The only place this runs into trouble is when you want to have varying levels of access for the same set of files. (ex. one group read only and one group with read and write).
It's surprisingly rare that you have that, normally one of two situations cover it: either the "group" that needs write access has only one member, the daemon that's mananging the resource, or members of the other group really only need write access to their own files and a sticky directory takes care of it. When these fall down you need a setuid program that members of the writer group can run, or a dropbox they can leave files in for a daemon to handle on their behalf...
The problem is that all too often people look at this and create a setuid root program, instead of creating a user that has no more rights than it needs to do the job and let them setuid to that...
developers skirted the BIOS because BIOS calls were too slow -- that was back when the BIOS was part of the OS. This is not a Microsoft problem
It bloody well is a Microsoft problem. They had the ability to improve the performance of the BIOS, ANSI.SYS was frequently ten to a hundred times faster than the BIOS on a typical computer... all they needed to do was intercept the BIOS calls and perform the same operations they did with ANSI.SYS and they would immediately remove any need for people to go around them.
But they didn't. So your choice was ANSI.SYS, or direct hardware access. I went with the BIOS for my terminal program and half my code was "curses" style optimizations to avoid making extra trips into the BIOS... as if this memory mapped display was a 300 baud terminal!
Similarly, the current mess with applications needing to write to %SYSTEMROOT% to install is Microsoft's fault, because for many years they recommended that applications do that... as near as I can tell so they could ship DLL updates through application vendors instead of coming up with their own update mechanism. The result of that? Administrator-level installers, DLL Hell, and viruses being REINSTALLED back into %SYSTEMROOT% by the system restore tools they created to try and work around the problems...
He never had a problem with anybody making money off it, as long as the buyer got the source.
I have no objection to anyone making money off my software, either. Like the other guy who thought I was some kind of "radical", you've pegged me in the wrong hole.
He never had a problem with anybody making money off it, as long as the buyer got the source.
AND as long as the buyer could share the source. If he just wanted to make sure the buyer got the source, he could have left out a whole lot of the clauses in the GPL that make people start wibbling about "radicals".:) He could simply have said "if you sell this software, you have to sell it as source code" without any of the "clause 2" redistribution requirements.
The bottom line is, it's possible to use GPLed software without being part of the open source community, but if you're not going to... you really don't need the GPL. The old AT&T UNIX source license or any other proprietary source code licenses work just fine for hoarders, but here's what RMS thought about that:
Join us now and share the software;
You'll be free, hackers, you'll be free.
Hoarders may get piles of money,
That is true, hackers, that is true.
But they cannot help their neighbors;
That's not good, hackers, that's not good.
When we have enough free software
At our call, hackers, at our call,
We'll throw out those dirty licenses
Ever more, hackers, ever more.
Join us now and share the software;
You'll be free, hackers, you'll be free.
Me, I don't mind people hoarding my software. You can do both... just don't call it open when it's not shared, is that so hard?
UNIX' analogue to ACLs is group membership. The way it's supposed to work is that resources belong to groups or are front-ended by setuid applications that are group-execute. So rather than having "dial-out rights" you're supposed to go into the "dial-out group". Windows ends up doing things the same way... rather than juggle rights on a user level, you tend to assign those to resource groups and put people in them (with 'Administrators' being the default example).
Thats just it, there doesnt have to be any restrictions on it, they just have to choose not to redistribute, and that is perfectly allowed.
You're still talking about what's "allowed", what the "system" is.
The open source community consists of people who share source code with other members of the community. People who don't share source code are not members of that community, no matter what the licenses on the code they don't share. They may be members of another community, whatever that group of people they share code with may be, but if you don't participate in a community you're not part of it.
This has nothing to do with beliefs in what open source means... there's significant debate in the community about what it means... it's simply a matter of taking part in what that community does or not taking part in it.
And it CERTAINLY has nothing to do with "more radical beliefs". Ask anyone about my opinions of the GPL if you think I'm in the radical fringe of the open source community. Boy, do YOU have the wrong end of the stick if you think I'm "radical".:)
If there are restrictions outside the license that prevent you from distributing it, it's not open source in any meaningful sense. It doesn't matter what those restrictions are, "No, Office Friendly, you can't give this away because we're depending on security by obscurity" is no different from "the license doesn't let you distribute it".
I've been part of the open source community long before the GNU manifesto, long before the open source community had a name, back when we were distributing code because it was the onlylogical thing to do. And there have always been people who played their code close to their chest, and convinced people to do the same if they wanted to share it, and nobody ever considered that to have anything to do with our community.
Open source is what the open source community, the free software community, the whatever you call it community does. We can follow Feynman and call it "Wakalixes", if you like.
And we may argue about what the best kind of open/free/wakalixish software is, but there's no confusion at all about the bottom line... the point of the excersize is to share the software. If you don't do that, it's not open, no matter what games you play with licenses and language.
It entirely depends on the license of the sourcecode - does the customer get the right to redistribute with few restrictions?
Indeed, that's exactly how people game the system. They use an OSI compatible license, but then apply pressure elsewhere that effectively prevents the customer from redistributing it. The classic example is a well-known embedded distribution for network devices that terminates a customer's access to new versions if they excersize their rights under the GPL to distribute the code.
That's legal under the GPL, but it's not freedom, it's gaming the system. It's not "open source" in any meaningful sense of the term.
Common mistake - open source does not mean that 1, 2 or 3 have to be fulfilled to the general public, indeed I can opensource a project of mine and supply the binary and code to my one sole customer, it would still be open source.
That would make virtually every large scale engineering or realtime control system for the past three decades "open source". And that's just stupid... our product ships in source code form, but it's sure as heck not described as, thought of as, or considered "open source". It's a proprietary product that comes with a source distribution.
There is nothing in any of the GNU licenses or the OSI opproved licenses that says 'you must supply this to the general public for it to be an opensource project',
That's true, it's perfectly possible to violate the spirit of open source while complying with the letter of any license. That's not "open source", that's "gaming the system".
open source doesnt necessarily mean 'put the source on a website for all and sundry to download on a whim'
That's pretty much what it does mean. Otherwise it's just a source distribution, and proprietary code has been distributed in source form since, well, software's been around. Heck, big engineering projects and customised real-time control systems traditionally ship with full source, and it's only recently that a binary-only product wasn't a show-stopper in that market... but nobody would have described that as "open source".
My main problem with this is that they'd be much more likely to come up with a solution that makes it harder or more expensive to make an MP3 player, or otherwise screw up, and that whatever rules they came up with some company (whether or not it was Apple) would still end up with some kind of annoying lock on the market.
I'm sure someone will tell me that the market should decide. Fair enough, but funny how that reasoning is contingent upon the company being discussed.
If Apple was in a monopoly position with a natural monopoly, like an operating system, rather than music which even people in Red States can figure out that if you can hear it you can copy it... so there was no way the market could work... sure.
But since they're not, I'm not sure what your point is.
I mean, Microsoft *is* doing the same thing with WMP, but they're doing it in a way that locks you into Windows, imposes DRM that can override your own ability to run your own software on your own computer (there was a story a while back on one of the Microsoft employee blogs about a guy who coldn't read Microsoft documents because he was running Windowblinds to theme Windows... and the DRM decided he was trying to break DRM and refused to run). Apple's not doing any of that, they're not locking labels or artists or anyone else into exclusive contracts, and you can always "Rip, Mix, MP3"... which you might not be able to do if WMP gets a "broadcast flag" watermarking scheme...
Can you imagine if HMV, Virgin or <insert record store here> suddenly switched to only selling a proprietary compact disc format which only played on their player and had built-in restrictions?
And which you could copy straight over to an open compact disc format, that any player could play, and no existing record store actually sells them, you have to get them in new stores and special kiosks in malls.
Christ, Apple told the whole world how to break iTunes DRM in their old advertising campaign. You just need to shift it by one word...
Yeh, yeh, you may lose some quality, but you already lost some buying it from iTMS or Napster instead of ripping the CD on your own, and you're playing it in your iPod or Rio while you're driving or walking or... whatever you're doing, you're not in an environment where you're going to notice the loss from ONE burn/rip cycle. Sheesh...
You want a select group of (but not all) users to be able to write to the directories
You want the web server to be able to read (and execute where applicable), but not write, and definitely not own the files.
And ideally you want all other users to have no access.
OK, I think I misunderstood first time around.
You're saying you have a bunch of different groups of users to have write access, and you want a single user (the webserver) to have read access.
So, my previous solution would still work, but you just make the process that manages the import to be a different user ID than the webserver. There's no reason the web services environment needs to all run with a single user ID.
The time I run in to this problem is with running a web server, with virtual hosts and multiple users being able to edit a single site
I wouldn't use filesystem permissions for something that complex. Use CVS or at least a per-user dropbox, and let them kick off a command to tell the webserver "my new pages are ready, load them". That way you get a modicum of tracking and code management as well.
Then the users have write-access to their own directories, the webserver has read access to them all, and nobody has or needs direct write either way.
Windows is full of places like this, where yu have excessive numbers of people with write access to a shared resource that shold be managed on a per-user basis instead, just because ACLs let them get away with it. The print spool used to be that way, though I haven't looked lately... they may have wised up there by now.
And so you believe that someone with income of $3550 a year spent $60 on a copy of Office he didn't need and couldn't use just so he could play a prank on Microsoft, and the rest of the story including the attempts to return the software was somehow planned?
I think you stretch the bounds of belief just a wee bit too far.
Linux fundamentalists in general -- not just those who attack the likes of DiDio -- can be harmful to the cause they're supportting.
As I pointed out in another message in this thread... I don't use Linux, I don't really much like Linux, so there's more than just Linux fundamentalists who dislike DiDio.
And as I pointed out in yet another message in this thread, "Linux fundamentalists" are a pretty mellow bunch. The worst things they do are a lot less dramatic than you'll find in MOST Internet debates.
And as anyone who's followed Linux from the start knows, strongly held opinions are built into its genes. I think if you you could take the Linux fundamentalists out you wouldn't have Linux. So if that's important to you... just put up with them. They're a lot easier to get along with than, say, Shriners...
it's not much better when your opinion has become fueled by myopia and precious little else
I'd suggest you do a bit of research before assuming that people who don't like DiDio don't like her because of "myopia and precious little else". She's no "Sammy the Bull", but she HAS fairly earned her reputation for being Microsoft's loyal enforcer.
harassing this poor analyst instead of spending your time making Linux better?
Because I don't like Linux, I don't use Linux, and I don't care whether it's improved or not.
PS: Your herring is red.
God, "DiDiot". That's rough.
I had someone pissed off at me post thousands of messages accusing me of pedophile rape. There's people who go out of their way to hurt folks online, including finding their friends and employers, trying to get them fired, and in some cases succeeding... over the most trivial things. I don't know of anyone doing it because of their choice of OS yet, but Microsoft sued a kid for selling his copy of Windows and Office on eBay because he couldn't take them back... and that kind of action generates a lot nastier responses than mild name-calling.
There's a lot of really screwed up people on line. No matter what you do, you're eventually going to run into some of them. If you can't handle that, stay off the Internet.
It's amazing what /. doesn't print.
It's not what you know, it's who you know.
Yeh, he got caught pulling a sophomoric stunt. Well, you know, there's a reason they call it "sophomoric". I'm one of the most straight-laced people in my circle of friends, when I was at college I was the token "right winger", and I still pulled a couple of pranks when I was that age. I just didn't get caught.
Plus...
I wouldn't be surprised to find out he uses a Mac or something else and couldn't have even used the copy of office anyway.
My copy of Office runs just fine on my Mac.
That's one bad ass speaker system.
Well, it's pretty bad, and it sounds like ass... but if you're going to use the "speaker system" analogy, let's look at it:
Windows XP (the speakers): $199
Laptop (the car): $1000-$3000, typically under $2000.
Yeh, the "speaker system" costs 1/10th the cost of the car. And it makes my head hurt. I want it out of there AND I sure as hell don't want to pay for it.
Say you get a nice audio setup but you were going to put in your own speakers afterward, you don't go back to the dealership and demand a refund.
If the dealer includes speakers that cause you pain and lists them at 1/10th the cost of the car, you damn well do demand a refund.
The only place this runs into trouble is when you want to have varying levels of access for the same set of files. (ex. one group read only and one group with read and write).
It's surprisingly rare that you have that, normally one of two situations cover it: either the "group" that needs write access has only one member, the daemon that's mananging the resource, or members of the other group really only need write access to their own files and a sticky directory takes care of it. When these fall down you need a setuid program that members of the writer group can run, or a dropbox they can leave files in for a daemon to handle on their behalf...
The problem is that all too often people look at this and create a setuid root program, instead of creating a user that has no more rights than it needs to do the job and let them setuid to that...
developers skirted the BIOS because BIOS calls were too slow -- that was back when the BIOS was part of the OS. This is not a Microsoft problem
... as if this memory mapped display was a 300 baud terminal!
It bloody well is a Microsoft problem. They had the ability to improve the performance of the BIOS, ANSI.SYS was frequently ten to a hundred times faster than the BIOS on a typical computer... all they needed to do was intercept the BIOS calls and perform the same operations they did with ANSI.SYS and they would immediately remove any need for people to go around them.
But they didn't. So your choice was ANSI.SYS, or direct hardware access. I went with the BIOS for my terminal program and half my code was "curses" style optimizations to avoid making extra trips into the BIOS
Similarly, the current mess with applications needing to write to %SYSTEMROOT% to install is Microsoft's fault, because for many years they recommended that applications do that... as near as I can tell so they could ship DLL updates through application vendors instead of coming up with their own update mechanism. The result of that? Administrator-level installers, DLL Hell, and viruses being REINSTALLED back into %SYSTEMROOT% by the system restore tools they created to try and work around the problems...
Not Microsoft's fault? Like hell it's not!
He never had a problem with anybody making money off it, as long as the buyer got the source.
:) He could simply have said "if you sell this software, you have to sell it as source code" without any of the "clause 2" redistribution requirements.
I have no objection to anyone making money off my software, either. Like the other guy who thought I was some kind of "radical", you've pegged me in the wrong hole.
He never had a problem with anybody making money off it, as long as the buyer got the source.
AND as long as the buyer could share the source. If he just wanted to make sure the buyer got the source, he could have left out a whole lot of the clauses in the GPL that make people start wibbling about "radicals".
The bottom line is, it's possible to use GPLed software without being part of the open source community, but if you're not going to... you really don't need the GPL. The old AT&T UNIX source license or any other proprietary source code licenses work just fine for hoarders, but here's what RMS thought about that:
Join us now and share the software;
You'll be free, hackers, you'll be free.
Hoarders may get piles of money,
That is true, hackers, that is true.
But they cannot help their neighbors;
That's not good, hackers, that's not good.
When we have enough free software
At our call, hackers, at our call,
We'll throw out those dirty licenses
Ever more, hackers, ever more.
Join us now and share the software;
You'll be free, hackers, you'll be free.
Me, I don't mind people hoarding my software. You can do both... just don't call it open when it's not shared, is that so hard?
UNIX' analogue to ACLs is group membership. The way it's supposed to work is that resources belong to groups or are front-ended by setuid applications that are group-execute. So rather than having "dial-out rights" you're supposed to go into the "dial-out group". Windows ends up doing things the same way... rather than juggle rights on a user level, you tend to assign those to resource groups and put people in them (with 'Administrators' being the default example).
Either way, you end up in the same place....
Thats just it, there doesnt have to be any restrictions on it, they just have to choose not to redistribute, and that is perfectly allowed.
:)
You're still talking about what's "allowed", what the "system" is.
The open source community consists of people who share source code with other members of the community. People who don't share source code are not members of that community, no matter what the licenses on the code they don't share. They may be members of another community, whatever that group of people they share code with may be, but if you don't participate in a community you're not part of it.
This has nothing to do with beliefs in what open source means... there's significant debate in the community about what it means... it's simply a matter of taking part in what that community does or not taking part in it.
And it CERTAINLY has nothing to do with "more radical beliefs". Ask anyone about my opinions of the GPL if you think I'm in the radical fringe of the open source community. Boy, do YOU have the wrong end of the stick if you think I'm "radical".
If there are restrictions outside the license that prevent you from distributing it, it's not open source in any meaningful sense. It doesn't matter what those restrictions are, "No, Office Friendly, you can't give this away because we're depending on security by obscurity" is no different from "the license doesn't let you distribute it".
I've been part of the open source community long before the GNU manifesto, long before the open source community had a name, back when we were distributing code because it was the onlylogical thing to do. And there have always been people who played their code close to their chest, and convinced people to do the same if they wanted to share it, and nobody ever considered that to have anything to do with our community.
Open source is what the open source community, the free software community, the whatever you call it community does. We can follow Feynman and call it "Wakalixes", if you like.
And we may argue about what the best kind of open/free/wakalixish software is, but there's no confusion at all about the bottom line... the point of the excersize is to share the software. If you don't do that, it's not open, no matter what games you play with licenses and language.
It entirely depends on the license of the sourcecode - does the customer get the right to redistribute with few restrictions?
Indeed, that's exactly how people game the system. They use an OSI compatible license, but then apply pressure elsewhere that effectively prevents the customer from redistributing it. The classic example is a well-known embedded distribution for network devices that terminates a customer's access to new versions if they excersize their rights under the GPL to distribute the code.
That's legal under the GPL, but it's not freedom, it's gaming the system. It's not "open source" in any meaningful sense of the term.
Common mistake - open source does not mean that 1, 2 or 3 have to be fulfilled to the general public, indeed I can opensource a project of mine and supply the binary and code to my one sole customer, it would still be open source.
That would make virtually every large scale engineering or realtime control system for the past three decades "open source". And that's just stupid... our product ships in source code form, but it's sure as heck not described as, thought of as, or considered "open source". It's a proprietary product that comes with a source distribution.
There is nothing in any of the GNU licenses or the OSI opproved licenses that says 'you must supply this to the general public for it to be an opensource project',
That's true, it's perfectly possible to violate the spirit of open source while complying with the letter of any license. That's not "open source", that's "gaming the system".
open source doesnt necessarily mean 'put the source on a website for all and sundry to download on a whim'
That's pretty much what it does mean. Otherwise it's just a source distribution, and proprietary code has been distributed in source form since, well, software's been around. Heck, big engineering projects and customised real-time control systems traditionally ship with full source, and it's only recently that a binary-only product wasn't a show-stopper in that market... but nobody would have described that as "open source".
And to make it even more boggling, they're doing it open-source.
That's yet to be seen... it sounds like it's "open source on a need to know basis", which is rather stretching the definition...
My main problem with this is that they'd be much more likely to come up with a solution that makes it harder or more expensive to make an MP3 player, or otherwise screw up, and that whatever rules they came up with some company (whether or not it was Apple) would still end up with some kind of annoying lock on the market.
I'm sure someone will tell me that the market should decide. Fair enough, but funny how that reasoning is contingent upon the company being discussed.
If Apple was in a monopoly position with a natural monopoly, like an operating system, rather than music which even people in Red States can figure out that if you can hear it you can copy it... so there was no way the market could work... sure.
But since they're not, I'm not sure what your point is.
I mean, Microsoft *is* doing the same thing with WMP, but they're doing it in a way that locks you into Windows, imposes DRM that can override your own ability to run your own software on your own computer (there was a story a while back on one of the Microsoft employee blogs about a guy who coldn't read Microsoft documents because he was running Windowblinds to theme Windows... and the DRM decided he was trying to break DRM and refused to run). Apple's not doing any of that, they're not locking labels or artists or anyone else into exclusive contracts, and you can always "Rip, Mix, MP3"... which you might not be able to do if WMP gets a "broadcast flag" watermarking scheme...
Can you imagine if HMV, Virgin or <insert record store here> suddenly switched to only selling a proprietary compact disc format which only played on their player and had built-in restrictions?
And which you could copy straight over to an open compact disc format, that any player could play, and no existing record store actually sells them, you have to get them in new stores and special kiosks in malls.
Christ, Apple told the whole world how to break iTunes DRM in their old advertising campaign. You just need to shift it by one word...
... whatever you're doing, you're not in an environment where you're going to notice the loss from ONE burn/rip cycle. Sheesh...
Yeh, yeh, you may lose some quality, but you already lost some buying it from iTMS or Napster instead of ripping the CD on your own, and you're playing it in your iPod or Rio while you're driving or walking or
This whole thing is SUCH a goddamn non-issue.