ACLs: Group permission test

James Buster bitbug at seal.engr.sgi.com
Wed Oct 6 22:16:58 GMT 1999 

On Oct 6,  5:52pm, Andreas Gruenbacher wrote:
} Subject: ACLs: Group permission test
} POSIX 1003.1e Draft Standard 17 document,
} 23.1.5 ACL Access Check Algorithm:
[deleted]
} - Find an ACL_GROUP (or ACL_GROUP_OBJ) entry that has the
} appropriate permissions set.
}   - If such an entry exists, grant the requested access.
}   - If such an enttry doesn't exist, deny access.

This is not how the access rights of a group is determined, it's how
the access rights of a process in multiple groups is determined. The
actual Posix language is as follows:

If the effective group id or any of the supplementary group ids
of the process match the group id of the object or match the
group id specified in any ACL_GROUP tag type ACL entry, then
	if the requested access modes are granted by at least one
	entry matched by the effective group id or any of the supplementary
	group ids of the process, then
		access is allowed
	else
		access is denied

Rights accumulation is explicitly not allowed.

} On the other hand, the Solaris implementation goes as follows:
} 
} - Accumulate all permissions of all matching ACL_GROUP and ACL_GROUP_OBJ
} entries.
}   - If the accumulated rights include the permissions requested,
}     grant access.
}   - else, deny access.

Which is, obviously, not Posix compliant behavior.

} A process requests rwx access. There are matching entries that
} grant the process r-x and rw- access. In the POSIX version,
} access is granted. In the Solaris version, access is denied.

This seems backwards. In Posix, access is not granted. In Solaris, it is.

} Is this deliberate?

I'd presume so.

} I don't understand the advantage of the POSIX aproach, apart
} from maybe being a couple of CPU cycles faster.

It doesn't have unintended consequences. If you do access accumulation
like Solaris does, it becomes too easy to inadvertantly grant access that
wasn't intended by the person setting the ACL.

-- 
Planet Bog -- pools of toxic chemicals bubble under a choking
atomsphere of poisonous gases... but aside from that, it's not
much like Earth.
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

More information about the posix1e mailing list