From owner-freebsd-hackers Thu Jul 2 17:00:36 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA01817 for freebsd-hackers-outgoing; Thu, 2 Jul 1998 17:00:36 -0700 (PDT) (envelope-from owner-freebsd-hackers@FreeBSD.ORG) Received: from smtp01.primenet.com (daemon@smtp01.primenet.com [206.165.6.131]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA01812 for ; Thu, 2 Jul 1998 17:00:31 -0700 (PDT) (envelope-from tlambert@usr09.primenet.com) Received: (from daemon@localhost) by smtp01.primenet.com (8.8.8/8.8.8) id RAA13118; Thu, 2 Jul 1998 17:00:32 -0700 (MST) Received: from usr09.primenet.com(206.165.6.209) via SMTP by smtp01.primenet.com, id smtpd013061; Thu Jul 2 17:00:25 1998 Received: (from tlambert@localhost) by usr09.primenet.com (8.8.5/8.8.5) id RAA14014; Thu, 2 Jul 1998 17:00:21 -0700 (MST) From: Terry Lambert Message-Id: <199807030000.RAA14014@usr09.primenet.com> Subject: Re: Variant Link implementation, continued To: drosih@rpi.edu (Garance A Drosihn) Date: Fri, 3 Jul 1998 00:00:21 +0000 (GMT) Cc: jkh@time.cdrom.com, hackers@FreeBSD.ORG In-Reply-To: from "Garance A Drosihn" at Jul 2, 98 06:50:46 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG > However, let's say the program itself happens to set an environment > variable called "PROGUSER", and you're going to use that. You do > not depend on the user themselves remembering to set this variable > (which is good (*)), because you know the program itself sets the > value before it reads the configuration file. The user runs the > program, the program goes to the desired config file, and it > happens that the config file isn't exactly what the user wants. > They quit the program, Bzzzt. The click on "Edit" and then click on "Preferences...". > Certainly it is an attractive idea to base symlinks on environment > variables, but maybe we should ask ourselves how hard it would be > to implement a "nice clean private namespace somewhere". I think > we'll be happier with the separate namespace, something which isn't > disrupted as readily and as often as the user environment. A namespace is a namespace. Your arguments apply no matter where the namespace is located, so long as you permit the user to modify it at all. For the "init" namespace, you don't let the user modify it. This is because what you are in fact modifying is the environment of the "init" process itself. This is, in fact, a "system logical name table". For the "process group leader" or "session leader" (the "group logical name table"), you would, preferentially, make this a session manager program. The session manager program does not need to be owned by the user. There are many good reasons to have a session manager; the main interesting one is to act as a credential holder for credentials and authentications you want shared between processes. The "user logical name table" is the user's environment, as it is currently understood. The only semantic difference that variant symlinks have from VMS logical names is their placement in a filesystem reference. The VMS placement must be as a prefix, and the placement we have been contemplating is "as a path component expansion in a symbolic link target. In point of fact, the concerns about tar'ring up these links was ill-founded: a "readlink" or, reflexively, "symlink" by tar will result in the correct behaviour (tar does not expand the environment, and "readlink" does not evaluate the target, it only reports it). Most of the concerns seem to be of the category "yeah, but if you make it work, people migh actually (shudder!) *use* it!". Something which allows you to do stupid things also allows you to do clever things. The question is whether the value of the clever things outweighs the risk of the stupid things. For the most part, having used systems that provided variant link technology, I have to say that the value of the clever things you can do with them vastly outweighs the risk that comes with them. For example, we could have made the /usr/lib/aout change appear to have zero impact. We could also have done a large number of other things with apparently zero impact, that would allow us to build multiple targets on the same machine, for example, something that the current build environment is not good at. There are numerous other examples that I can bore you with, if you insist... 8-). Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message