rwx in ACLs (was Re: extattr in-kernel interface)
jont at us.ibm.com
Tue Apr 18 18:02:14 GMT 2000
Perhaps Ilmar S. Habibulin wrote:
> Do you still plan to use rwx model for ACLs?
_I_ hope he plans to do something akin to the WinNT model[1]:
read, write, append, delete, execute, take-owner, change-perm.
create:
there is no create because it's an operation on the containing directory :-)
take-owner:
For those who aren't familiar with it, WinNT provides a take-owner permission
which is basically saying that the specified user may chown the file to
themselves. Thus chown only exists as a two party agreement (previous and
new owner) avoiding many of the security problems of early Unix chown's.
What's more, if the administrator forcibly takes-ownership, the user can see
it because they no longer own the file - improved accountability.
[ modulo manipulating backups ]
change-perm:
Allows 'system' to own directories which are used by users basically under
the user's control (personalised /tmp or mail files or ...)
- JonT
[1] I use WinNT as an example because it is available/visible.
---
Jon Tidswell
Advanced OS Technology Group / Sawmill Linux Project
IBM TJ Watson Research Center 30 Saw Mill River Road, Hawthorne, N.Y. 10532
Email: jont at us.ibm.com Voice: +1 914 784 7550
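
The take-owner and change-perm semantics described in the message above, as an added toy model in C; it is not part of the original post and is not TrustedBSD or Windows code. The struct layout, the function names, the `forced` administrator flag and the rule that an owner has no implicit rights are assumptions of this sketch.

```c
#include <stdio.h>

/* Permission bits named after the list in the message (toy model only). */
enum { P_READ = 1, P_WRITE = 2, P_APPEND = 4, P_DELETE = 8,
       P_EXECUTE = 16, P_TAKE_OWNER = 32, P_CHANGE_PERM = 64 };

#define MAX_ACE 4
struct ace    { int uid; unsigned perms; };
struct object { int owner; int nace; struct ace acl[MAX_ACE]; };

/* Union of the bits granted to uid; assumption: the owner has no implicit rights. */
static unsigned acl_perms(const struct object *o, int uid) {
    unsigned p = 0;
    for (int i = 0; i < o->nace; i++)
        if (o->acl[i].uid == uid) p |= o->acl[i].perms;
    return p;
}

/* change-perm: editing the ACL is gated by a bit, not by ownership. */
int set_perms(struct object *o, int actor, int target, unsigned perms) {
    if (!(acl_perms(o, actor) & P_CHANGE_PERM)) return -1;
    for (int i = 0; i < o->nace; i++)
        if (o->acl[i].uid == target) { o->acl[i].perms = perms; return 0; }
    if (o->nace == MAX_ACE) return -1;
    o->acl[o->nace].uid = target;
    o->acl[o->nace].perms = perms;
    o->nace++;
    return 0;
}

/* take-owner: the caller can only make itself the owner; there is no
 * "give to someone else". 'forced' models the administrator override
 * (an assumption of this sketch); the owner field still changes. */
int take_owner(struct object *o, int uid, int forced) {
    if (!forced && !(acl_perms(o, uid) & P_TAKE_OWNER)) return -1;
    o->owner = uid;
    return 0;
}

int main(void) {
    /* Constructed sample: file owned by uid 1001, who may edit its ACL. */
    struct object f = { 1001, 1, { { 1001, P_READ | P_WRITE | P_CHANGE_PERM } } };
    printf("uninvited take: %d\n", take_owner(&f, 1002, 0)); /* refused */
    set_perms(&f, 1001, 1002, P_READ | P_TAKE_OWNER);        /* party one agrees */
    int rc = take_owner(&f, 1002, 0);                        /* party two takes */
    printf("invited take: %d, owner=%d\n", rc, f.owner);
    take_owner(&f, 0, 1);                                    /* admin override */
    printf("after forced take: owner=%d\n", f.owner);
    return 0;
}
```

Because the only ownership operation is "make the caller the owner", a forced take by the administrator necessarily shows up in the owner field, which is the accountability point made in the message.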