rwx in ACLs (was Re: extattr in-kernel interface)
Ilmar S. Habibulin
ilmar at ints.ru
Tue Apr 18 19:14:12 GMT 2000
On Tue, 18 Apr 2000 jont at us.ibm.com wrote:
> > Do you still plan to use rwx model for ACLs?
> _I_ hope he plans to do something akin to the WinNT model[1]:
> read, write, append, delete, execute, take-owner, change-perm.
Why not choose Novell? ;-)
> create:
> there is no create because it's an operation on the containing directory :-)
Yes, it may be append permission.
> take-owner: For those who aren't familiar with it, WinNT provides a
> take-owner permission which is basically saying that the specified
> user may chown the file to themselves. Thus chown only exists as a
> two party agreement (previous and new owner) avoiding many of the
> security problems of early Unix chown's. What's more, if the
> administrator forcibly takes-ownership the user can see it because
> they no longer own the file - improved accountability. [ modulo
> manipulating backups ]
IMHO, take ownership suxx. I can't imagine the data processing model which
will require such a strange permission. It may be a capability, but not an
ACL permission.
> change-perm: Allows 'system' to own directories which are used by
> users basically under the users control (personalised /tmp or mail
> files or ...)
Don't understand this sentence. Doesn't the standard unix permissions model
allow this?
> [1] I use WinNT as an example because it is available/visible.
Why not look at Novell or UNIX distributed filesystems (coda, afs, dfs)?