ACLs and `ls -l'

Robert Watson robert at cyrus.watson.org
Sat Feb 19 15:22:22 GMT 2000 

On Sat, 19 Feb 2000, Andreas Gruenbacher wrote:

> pathconf(path, _POSIX_TRUE_MODE)
> --------------------------------
> Returns 0 if the file mode permission bits accurately reflect the permissions of
> path. Returns 1 if the file mode permission bits are a superset of the actual
> permissions of a file.

Andreas,

I generally agree with the principal, but think you mean ``subset'' :-).

I'm not sure if pathconf is the best way to do this, but I can't really
think of anything better at this point.  The only thing that came to mind,
that I suggested in private email to you, was adding an additional stat
bit that indicates whether or not the mode returned by the stat bit
accurately reflects the permissions of the file.  In the case of
alternative semantics (such as AFS, where files only have owner
permissions, but directories have a complete ACL that is fairly different
from a POSIX.1e ACL), even ``subset'' is a bit strong.  I guess I'd go
for:

S_PRMOD -- ``File mode is a poor representation of real file DAC labels''

The file system would then provide a best-effort rendering of the actual
DAC permissions into a UNIX-style file mode, and ls -l could add a ``*''
to indicate that the mode was poor.  This would also specify that the
``*'' was to reflect only discretionary access control mechanisms (i.e.,
not MAC), but would not make it specific to ACLs, as there are a number of
other relevant DAC mechanisms.  Purely defining it as ``An extended ACL is
present'' doesn't make sense if you're using DTE, for example.

I recognize that introducing a new flag there might introduce more pain
than benefit, but given the chance to remake the world in my image, that
would probably be my mechanism of choice.

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

More information about the posix1e mailing list