Default ACL: Semantics (again)

Andreas Gruenbacher a.gruenbacher at infosys.tuwien.ac.at
Wed Oct 6 11:04:29 GMT 1999


"Peter J. Holzer" wrote:
> 
> On 1999-10-05 13:38:44 +0200, Andreas Gruenbacher wrote:
> > The rules suggested don't allow, for files created, to grant
> > different rights to different users. Consider the following
> > scenario:
> >
> >   User A shall be allowed to create files, but is not
> >          allowed to change the files created afterwards.
> >
> >   User B is allowed to create files, and is also allowed
> >          to change the files afterwards.
> >
> > Apart from the fact that with the basic rwx set of permissions,
> > it is possible for user A to delete and re-create files,
> 
> It is also possible for user A to change the acl of the file after
> creation (he is the owner of the file after all) and then write to it.

Only if user A is aware of ACLs, and is allowed to login to the host.
I'm thinking of users through daemons like Samba and FTP. Most of my
users are allowed to interactively work with the machine, except for
changing their password.

Most users, for a long time, will not be aware of ACLs at all.
The idea is to make the system behave as expected, even though
ACLs are present, and grant a few permissions in addition to the
user/group/other permissions.

> > The scheme proposed may lead to weird results, like in this
> > case:
> 
> I think the default ACL is a little weird, so I would expect weird
> results.
> 
> >       andy at snowball:/acl/test > getfacl .
> >       # file: .
> >       # owner: lisa
> >       # group: toolies
> [...]
> >       default:user::---
> >       default:user:andy:rwx
> >       default:group::---
> >       default:mask:rwx
> >       default:other:---
> >
> >       andy at snowball:/acl/test > echo "test" >file1
> >       andy at snowball:/acl/test > getfacl file1
> >       # file: file1
> >       # owner: andy
> >       # group: toolies
> >       user::---
> >       user:andy:rwx                   #effective:rw-
> 
> I don't think so. 5.3.1.2 (2) says:
> 
>     Both the ACL_USER_OBJ ACL entry permission bits and the file owner
>     class permission bits of the access ACL are set to the intersection
>     of the default ACL's ACL_USER_OBJ permission bits and the file owner
>     class permission bits in mode.
> 
> I couldn't find a definition of "file owner class permission bits of the
> access ACL", but from context I guess that it means "permission bits
> of all ACL_USER entries which match the file owner". So I think that
> user:andy: should be set to ---, too.

By `file owner class permission bits' they mean the S_IRWXU bits in the
mode field, to my current understanding.


Andreas

------------------------------------------------------------------------
 Andreas Gruenbacher, Vienna University of Technology
 a.gruenbacher at infosys.tuwien.ac.at
 Contact information: http://www.infosys.tuwien.ac.at/~agruenba
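
The two readings of 5.3.1.2 (2) discussed in this message, worked through on the `/acl/test` default ACL (an added example, not part of the original message or of any POSIX.1e implementation). Assumptions: the creation mode of `echo "test" >file1` is 0666, the group class bits of the mode limit the mask, and the function and key names are made up for illustration.

```python
# Added example. Permission bits use the usual r=4, w=2, x=1 encoding.
R, W, X = 4, 2, 1

def parse(perm):
    """'rw-' -> 6"""
    return sum(bit for ch, bit in zip(perm, (R, W, X)) if ch != "-")

def fmt(bits):
    """6 -> 'rw-'"""
    return "".join(ch if bits & bit else "-" for ch, bit in zip("rwx", (R, W, X)))

def inherit(default_acl, mode, owner, reading="gruenbacher"):
    """Access ACL of a newly created file, from the directory's default ACL."""
    acl = dict(default_acl)
    # 5.3.1.2 (2): ACL_USER_OBJ = default ACL_USER_OBJ & owner class bits in mode.
    acl["user"] &= (mode >> 6) & 7
    if reading == "holzer":
        # Holzer's reading: named entries matching the file owner get the same result.
        if "user:" + owner in acl:
            acl["user:" + owner] = acl["user"]
    # Assumption (not quoted on the page): the group class bits of mode limit the mask.
    acl["mask"] &= (mode >> 3) & 7
    acl["other"] &= mode & 7
    return acl

def effective(acl, tag):
    """Entries other than user and other are capped by the mask."""
    bits = acl[tag]
    return bits if tag in ("user", "other") else bits & acl["mask"]

# The default ACL of /acl/test from the getfacl output in the message.
DEFAULT = {tag: parse(p) for tag, p in [
    ("user", "---"), ("user:andy", "rwx"), ("group", "---"),
    ("mask", "rwx"), ("other", "---")]}

def show(reading):
    acl = inherit(DEFAULT, 0o666, "andy", reading)   # 0666: assumed creation mode
    return {tag: fmt(effective(acl, tag)) for tag in acl}

if __name__ == "__main__":
    for reading in ("gruenbacher", "holzer"):
        print(reading, show(reading))
```

Under the S_IRWXU reading the named entry keeps `rwx` with an effective `rw-`, as in the quoted getfacl output; under the other reading `user:andy` becomes `---`.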