ACLs: Group permission test

James Buster bitbug at seal.engr.sgi.com
Thu Oct 7 00:41:01 GMT 1999


On Oct 7,  1:11am, Andreas Gruenbacher wrote:
} I still find this a very strange definition. Accumulation is what
} everybody and their dog would expect, yet POSIX is different.
} Standards are strange...

That's what the Rationale is for. Section B.23.10, Multiple Group
Evaluation explains why they did what they did:

1) First group id match. In this approach, the first entry that matches
   one of the process's groups is used to determine access. Access is
   granted if the matched entry grants the requested permissions.

   This approach provides a simple solution to the problem, but it does so
   by putting a burden on the user to order the ACL_GROUP entries correctly
   to get the desired result. Also, while this is efficient, it dictates
   implementation details because the ACL entries must be maintained by
   the system in the order they were entered by the user.

2) Intersection of matching entries. In this approach, the permissions of
   all the entries which match groups of the process are intersected
   (ANDed) together. Access is granted if the result of the intersection
   grants the requested permissions.

   This approach provides a slightly complex solution (from a user point
   of view) to the problem, but is considered very restrictive. It is
   difficult to justify that a process that is granted read access through
   one group and write access through another should actually get no access.

3) Union of matching entries. In this approach, the union is taken of the
   permissions of all the entries which match groups of the process.
   Access is granted if the result of the union grants the requested
   permissions.

   This approach provides a slightly complex solution (from a user point
   of view) to the problem, but is considered rather permissive. It is
   not possible to ensure denial of access to all members of a group via
   a restrictive group entry because members of that group may be allowed
   access via membership in other groups. It is also possible for a process
   to be granted more access than is granted by a single entry e.g. one entry
   grants read access, another grants write access and the process is granted
   read *and* write access.

4) Permission match. In this approach, the permissions of all the entries
   which match groups of the process are compared with the requested access.
   Access is granted if a matched entry grants at least the requested
   permissions.

   This approach provides a simple solution to the problem that is very
   similar to the POSIX.1 semantics. In POSIX.1, if a process is in the file
   group class and the file group class permissions grant at least the
   requested access, then the process is granted access. In this approach,
   if a process is in the file group class and the permissions of one of
   the ACL entries in the file group class grant at least the requested
   access, then the process is granted access.

One of the goals of the ACL mechanism is to be compatible with POSIX.1.
Of the different approaches considered, the "Permission match" approach
provides the semantics that most closely match POSIX.1 and is the chosen
approach.

-- 
Planet Bog -- pools of toxic chemicals bubble under a choking
atmosphere of poisonous gases... but aside from that, it's not
much like Earth.
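As an added illustration (not part of the post or of the POSIX.1e text), the four approaches from Rationale B.23.10 written as evaluation functions over a constructed ACL in which one group entry grants read and another grants write. The gids are made up, and ACL_MASK, ACL_USER and the owner/other classes are left out so that only the multiple-group question the Rationale discusses is modelled.

```python
# Added example: the four multiple-group evaluation strategies from
# POSIX.1e Rationale B.23.10, applied to the ACL_GROUP entries of one ACL.
# Permission sets hold any of "r", "w", "x". ACL_MASK, ACL_USER and the
# owner/other classes are deliberately omitted (assumption, not the
# full POSIX.1e algorithm).

FIRST_MATCH, INTERSECTION, UNION, PERMISSION_MATCH = (
    "first-match", "intersection", "union", "permission-match")

def matching_entries(acl_groups, process_groups):
    """ACL_GROUP entries (gid, perms) whose gid is one of the process's
    groups, kept in ACL order so that first-match is well defined."""
    return [(gid, perms) for gid, perms in acl_groups if gid in process_groups]

def group_access(acl_groups, process_groups, requested, approach):
    """True if `requested` (e.g. {"r", "w"}) is granted through the file
    group class under the chosen evaluation approach."""
    matched = matching_entries(acl_groups, process_groups)
    if not matched:
        return False                       # not in the file group class
    if approach == FIRST_MATCH:
        return requested <= matched[0][1]  # only the first match counts
    if approach == INTERSECTION:           # AND of all matching entries
        return requested <= set.intersection(*(p for _, p in matched))
    if approach == UNION:                  # OR of all matching entries
        return requested <= set.union(*(p for _, p in matched))
    if approach == PERMISSION_MATCH:       # the approach POSIX.1e chose
        return any(requested <= perms for _, perms in matched)
    raise ValueError(approach)

# Constructed sample (gids made up): group 100 has read, group 200 has write.
SAMPLE_ACL_GROUPS = [(100, {"r"}), (200, {"w"})]
SAMPLE_PROCESS_GROUPS = {100, 200}

def compare_all(requested):
    """Decision of every approach for one request against the sample ACL."""
    return {a: group_access(SAMPLE_ACL_GROUPS, SAMPLE_PROCESS_GROUPS,
                            requested, a)
            for a in (FIRST_MATCH, INTERSECTION, UNION, PERMISSION_MATCH)}

if __name__ == "__main__":
    for req in ({"r"}, {"w"}, {"r", "w"}):
        print(sorted(req), compare_all(req))
```

For a read-and-write request the sample shows the difference the Rationale describes: intersection denies even plain read, union grants read and write together, and permission match grants either alone but not both, since no single entry grants both.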