Warning: I am suppressing an urge to rant here. Perhaps I am not suppressing it well enough.
The file system of Unix (and of several of its precursors) intended the files to live in a global name space. Any program refers to a particular file with the same name. File names that do not begin with a slash have the name of a “working directory” prepended, merely as a crude facilitation of coding. Such prepending can always be overridden; it is no protection. Those familiar with the arguments against global variables will find similar arguments here against current practices in locating files.
Computer languages, at least since Algol 60, have scoping rules that give a form of protection that is fairly easy to understand. In conjunction with parameters, these rules provide an adequate programming platform.
From near the beginning of Unix it was known that some protection was needed, and its designers included ‘permissions’ that allowed the ‘owner’ of a file to determine how broad access to a file was to be. Three degrees of access were contemplated: “just me”, “my group” and “everyone”. Categories of access were also provided; I could reserve writing of a file to myself but let my group read it.
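For this one layer, the classic permission bits, the way the three degrees combine can be written down exactly: the kernel picks a single class (owner, else group, else everyone) and consults only that class's bits, so the classes are neither and-ed nor or-ed. The sketch below is an added example, not code from this page; the uid, gid and mode values are constructed, and the superuser override and ACLs are deliberately left out.

```python
import stat

# Permission bits (read, write, execute) for each of the three classes.
CLASS_BITS = {
    "owner": (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR),
    "group": (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP),
    "other": (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH),
}


def select_class(file_uid, file_gid, uid, gids):
    """Pick the single class whose bits apply: the first match wins."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"


def allowed(mode, file_uid, file_gid, uid, gids, want):
    """Check the access kinds in `want` (letters from 'rwx') against `mode`.

    Only the selected class's bits are consulted; the other two classes
    are never looked at, even if they would grant more.
    """
    r, w, x = CLASS_BITS[select_class(file_uid, file_gid, uid, gids)]
    needed = {"r": r, "w": w, "x": x}
    return all(mode & needed[c] for c in want)


def demo():
    # Constructed sample: file owned by uid 501, gid 20, mode ---r--rw- (0o046).
    mode, file_uid, file_gid = 0o046, 501, 20
    callers = {
        "owner": (501, {20}),
        "group member": (502, {20}),
        "stranger": (503, {99}),
    }
    return {
        who: (allowed(mode, file_uid, file_gid, uid, gids, "r"),
              allowed(mode, file_uid, file_gid, uid, gids, "w"))
        for who, (uid, gids) in callers.items()
    }


if __name__ == "__main__":
    for who, (can_read, can_write) in demo().items():
        print(f"{who:13} read={can_read} write={can_write}")
```

With this mode the owner is refused both read and write while a stranger gets both, although the owner remains free to change the mode with chmod.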
There arose needs for finer control, and the Access List was invented: it could be attached to a file, extending some particular sort of access to that particular file to a particular user. See “ACL MANIPULATION” within output of “man chmod”.
At some point various functionalities, like file backup, required code that needed to keep notes for itself about particular files. The “Extended Attribute” was invented. Consider “man xattr”. A new global name space was invented — the “Attribute Name”. An attribute is ascribed to a particular file, with a particular attribute name and some particular attribute value, which may be binary data.
Upon those mechanisms was imposed a new regime: “Meta Data”. Consider “man mdls”. I fear the ramifications of that facility.
How does one reason about the semantics of the shell command “cp a b”? How does one discover the semantics? How does one reason about the security of a system without understanding such semantics? Where can I come to understand who can read a file; how do these various rules interact — with ‘and’s or ‘or’s?
I find Apple’s “Spotlight Search” quite useful. I suspect that illicit programs designed to exfiltrate data also find it quite useful.