I think we should reconsider what a user is conceptually. Many, if not most computers, are only used by a single individual (particularly if we count smartphones); but that human user might want to establish a bunch of different contexts or permission modes for various software on their computer depending on what they want to do at any given time. IIRC Android achieves per-app isolation using its Linux kernel by giving every app its own user (in the Linux kernel sense of a user), which is of course pretty different from Dennis Ritchie logging into a PDP-11 with dmr in the 1970s and having that string be associated with his personally-meaningful data artifacts.
Windows has a lot of great ideas around users, groups and permissions. Primarily built around an enterprise use case instead of a home user or server use case, but overall still a lot more refined than the unix system (in large parts due to being developed decades later)
The Authority/UserName scheme that allows you to use user names from different authorities on the same computer without name collisions, and the hierarchical userids that are SIDs are both quite useful. The most obvious everyday use case are file permissions on shared media like a USB drive or a network drive: knowing these files belong to user 1000 isn't very useful if every computer has a different idea of who that is
They aren't perfect by any means. If you were to design the same thing today you'd probably use UUIDs. But there are a lot of good ideas in there
I also think there's room for taking some inspiration from more modern cryptographic-key-based identity systems like blockchain identities and AtProtocol and Urbit - your primary identity as a user is an asymmetric cryptographic key, which you keep extremely secure; and then you can use this key to authenticate and encrypt messages over a public network or on a public data store, and you can derive sub-keys for use in various contexts. Instead of having to have different authorities keep track of usernames, what if every user in the system was identified with a public key from a global, cryptographically-large key-space?
I think we should reconsider what a user is conceptually. Many, if not most computers, are only used by a single individual (particularly if we count smartphones); but that human user might want to establish a bunch of different contexts or permission modes for various software on their computer depending on what they want to do at any given time. IIRC Android achieves per-app isolation using its Linux kernel by giving every app its own user (in the Linux kernel sense of a user), which is of course pretty different from Dennis Ritchie logging into a PDP-11 with dmr in the 1970s and having that string be associated with his personally-meaningful data artifacts.
With SIDs https://learn.microsoft.com/en-us/windows-server/identity/ad...
ducks
Windows has a lot of great ideas around users, groups and permissions. Primarily built around an enterprise use case instead of a home user or server use case, but overall still a lot more refined than the unix system (in large parts due to being developed decades later)
The Authority/UserName scheme that allows you to use user names from different authorities on the same computer without name collisions, and the hierarchical userids that are SIDs are both quite useful. The most obvious everyday use case are file permissions on shared media like a USB drive or a network drive: knowing these files belong to user 1000 isn't very useful if every computer has a different idea of who that is
They aren't perfect by any means. If you were to design the same thing today you'd probably use UUIDs. But there are a lot of good ideas in there
I also think there's room for taking some inspiration from more modern cryptographic-key-based identity systems like blockchain identities and AtProtocol and Urbit - your primary identity as a user is an asymmetric cryptographic key, which you keep extremely secure; and then you can use this key to authenticate and encrypt messages over a public network or on a public data store, and you can derive sub-keys for use in various contexts. Instead of having to have different authorities keep track of usernames, what if every user in the system was identified with a public key from a global, cryptographically-large key-space?