TrustedBSD Extensions Project
David Collier-Brown - Sun Canada
davecb at scot.canada.sun.com
Wed Apr 12 18:25:29 GMT 2000
stanislav shalunov <shalunov at att.com> wrote:
| I interpret 3.1.1.1 ("The enforcement mechanism (e.g.,
| *self/group/public controls*, access control lists) shall allow
| users...", emphasis mine) as saying unix permissions are sufficient.
| This assumes that the comma means OR.
It does, but a later sentence says: "These access controls
shall be capable of including or excluding access to the
granularity of a single user." That's the clause that
requires you have a mechanism that isn't the Unix (sub)set.
One can have self/group/other mechanisms, but there has
to be a case where you can specify a single other.
If memory serves, a v6 hack at UWaterloo used an array
of uid/permission-bits in a dummy inode to meet the
"one user" granularity need that they then had.
--dave
--
David Collier-Brown in Boston
Phone: (781) 442-0734, Room BUR03-3632
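
Added example, not part of the original message and not the UWaterloo code: a C sketch of why self/group/public bits alone cannot include or exclude a single user, and how an array of uid/permission-bit entries can. The struct layout, the rule that a per-uid entry overrides the mode bits, the single gid per user, and the sample uids are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum { P_R = 4, P_W = 2, P_X = 1 };

struct uid_entry { unsigned uid, perms; };   /* hypothetical per-user entry */

struct obj {
    unsigned owner, group, mode;             /* mode: classic rwxrwxrwx bits */
    const struct uid_entry *acl;             /* per-uid array, may be NULL */
    size_t nacl;
};

/* Classic self/group/public decision: every group member gets the same bits. */
static unsigned mode_perms(const struct obj *o, unsigned uid, unsigned gid)
{
    if (uid == o->owner) return (o->mode >> 6) & 7;
    if (gid == o->group) return (o->mode >> 3) & 7;
    return o->mode & 7;
}

/* Assumed rule: a per-uid entry, if present, overrides the mode bits. */
static unsigned acl_perms(const struct obj *o, unsigned uid, unsigned gid)
{
    for (size_t i = 0; i < o->nacl; i++)
        if (o->acl[i].uid == uid)
            return o->acl[i].perms;
    return mode_perms(o, uid, gid);
}

int may_access(const struct obj *o, unsigned uid, unsigned gid, unsigned want, int use_acl)
{
    unsigned have = use_acl ? acl_perms(o, uid, gid) : mode_perms(o, uid, gid);
    return (have & want) == want;
}

/* Constructed sample: mode 0640, owner uid 100, group 20; uids 101 and 102 are in group 20. */
static const struct uid_entry sample_acl[] = {
    { 102, 0 },     /* exclude a single group member */
    { 200, P_R },   /* include a single user outside the group */
};
static const struct obj sample = { 100, 20, 0640, sample_acl, 2 };

int main(void)
{
    printf("uid 102, mode bits only: %d\n", may_access(&sample, 102, 20, P_R, 0));
    printf("uid 102, per-uid array:  %d\n", may_access(&sample, 102, 20, P_R, 1));
    printf("uid 200, per-uid array:  %d\n", may_access(&sample, 200, 30, P_R, 1));
    return 0;
}
```

With mode bits only, uid 102 cannot be denied read access without also denying uid 101 or creating a new group; the per-uid entries express both the single exclusion and the single inclusion directly.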