Extended attribute interfaces
Casey Schaufler
casey at sgi.com
Thu Sep 21 18:59:02 GMT 2000
Andreas Gruenbacher wrote:
> Having write access to a device
> special file should not also give you write access to extended user
> attributes of that file I think. One also never gets write access to the
> special file itself but only to the device it refers to. Correct?
Oh goody, I've been invited to pontificate on access policy!
In traditional Unix systems the policy is different for
object (e.g. file) attributes (e.g. mode bits) than for
data.
The policy on attributes is that anyone can read
them and the owner can write them.
The policy for data is determined by the mode bits, and
shan't be expounded upon here.
Additional restrictions may apply to either, such as MAC,
read-only file systems, and the like.
To keep with traditional policy, user extended attributes
may be treated either as data or as attributes, but the
behavior should be consistent with that choice.
System attributes fall under the "additional restrictions
apply" clause.
--
Casey Schaufler Manager, Trust Technology, SGI
casey at sgi.com voice: 650.933.1634
casey_p at pager.sgi.com Pager: 888.220.0607