Re: About the login shell
Lionel Elie Mamane wrote:
Ah, yes, this seems more intuitive, and more Unixy. That would be a Good
Thing. I think the non-intuitiveness of NT ACLs comes mainly from their
order-dependent nature, coupled with ACE inheritance. (And I think they
even changed the rules for which ACEs take precedence between NT4 and
On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote:
ACLs (Access Control Lists, for those who haven't heard the term
before) allow the administrator to have more fine-grained control
over access to the system.
However, the only system I'm familiar with that uses them is Windows
Maybe I should describe what I know of the ACLs implemented on top of
Unix then: I had some experience with a Solaris system, and I heard
that the (since withdrawn) POSIX ACL draft was very close to this.
It is much simpler than the NT ACLs:
There are 6 types of entries:
- (user | group) owner permissions
- other users permissions
- one specific (user|group) permissions
- the mask
Directories can additionally contain so-called "default values", that
is, the ACL that files created in this directory will initially contain. It
is unclear to me how this interacts with the umask (maybe the mask is
set to the umask).
A user has permission to do something if ANY entry of this file's ACL
gives him permission (modulo the mask, see below). So permissions are
cumulative: when you give a group permissions, you give it to all its
users, no exception. You can't say "all the 'staff' group has write
access, but not johndoe, even if he is a member of the 'staff'
group". And only this file's ACL matters. There is no concept of
The mask is the maximal authorisations anyone (except the user owner)
can have. So the effective authorisations applying to a user are:
(bitwise or of all ACL entries that apply to him) bitwise and (the mask)
Does this "version" of ACLs calm your fears of ACLs being
I STFW'd for POSIX and Solaris ACLs, and there is some very serviceable
information out there:
In particular, the GNU cfengine document describes Solaris, DFS, and NT
ACL approaches quite succinctly, and it is easy to see that NT's
approach is the most complicated of the bunch.
The one thing about NT's approach that I think is good is the presence
of Deny ACEs. If ACEs are non-inheritable, I don't think this would add
an unreasonable amount of complexity to the system. And I suspect that
there are many situations in which it would be more convenient to add a
Deny ACE to a file than to have to make a new group that excludes the
person to whom you'd like to deny access.
-- Tom Hart
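The following is an added example, not code from either poster, that models the two ACL styles the thread discusses: the cumulative "OR all applicable entries, then AND with the mask" rule Lionel describes for the Solaris/POSIX-draft ACLs, and Tom's suggested extension of that same order-independent, non-inheritable model with Deny entries. The entry layout, the treatment of the "other" entry as a fallback used only when no owner, group, or named entry matches, and the sample ACLs and user names are all assumptions made for this illustration. It shows concretely why the cumulative model cannot express "all of 'staff' except johndoe" and how a single Deny entry does it.

```python
"""Toy model of the ACL semantics discussed in the thread (added example).

Permissions are the usual rwx bits. An ACL is a list of
(kind, name, perms) tuples with these kinds:
  ("owner", None, p)          the owning user
  ("owning_group", None, p)   the owning group
  ("other", None, p)          fallback when no other entry applies (assumption)
  ("user", name, p)           one named user
  ("group", name, p)          one named group
  ("mask", None, p)           upper bound for everyone except the owning user
  ("deny_user", name, p)      bits to take away from one user   (hypothetical Deny entry)
  ("deny_group", name, p)     bits to take away from one group  (hypothetical Deny entry)
"""

R, W, X = 4, 2, 1
RWX = R | W | X


def _applies(kind, name, user, groups, owner, owning_group):
    """Does an allow entry (not 'other', 'mask' or a deny) speak about this user?"""
    if kind == "owner":
        return user == owner
    if kind == "owning_group":
        return owning_group in groups
    if kind == "user":
        return name == user
    if kind == "group":
        return name in groups
    raise ValueError(f"unexpected entry kind {kind!r}")


def effective_cumulative(acl, user, groups, owner, owning_group):
    """Cumulative model as described in the thread:
    OR together every entry that applies, then AND with the mask
    for everyone except the owning user. Deny entries are ignored here."""
    mask = RWX          # no mask entry means no restriction
    other = 0
    allowed = 0
    matched = False
    for kind, name, perms in acl:
        if kind == "mask":
            mask = perms
        elif kind == "other":
            other = perms
        elif kind.startswith("deny_"):
            continue    # not part of this model
        elif _applies(kind, name, user, groups, owner, owning_group):
            allowed |= perms
            matched = True
    if not matched:
        allowed = other  # assumption: 'other' is only the fallback case
    if user != owner:
        allowed &= mask
    return allowed


def effective_with_deny(acl, user, groups, owner, owning_group):
    """Tom's variant: same cumulative rule, then subtract any Deny entry
    naming the user or one of his groups. Order of entries is irrelevant."""
    allowed = effective_cumulative(acl, user, groups, owner, owning_group)
    for kind, name, perms in acl:
        if kind == "deny_user" and name == user:
            allowed &= ~perms
        elif kind == "deny_group" and name in groups:
            allowed &= ~perms
    return allowed & RWX


# Constructed sample ACL: file owned by alice, group 'users'; 'staff' may read/write.
ACL = [
    ("owner", None, RWX),
    ("owning_group", None, R),
    ("group", "staff", R | W),
    ("user", "johndoe", 0),      # an attempt to shut johndoe out; has no effect under OR
    ("other", None, R),
    ("mask", None, R | W),
]

# Same ACL plus one hypothetical Deny entry taking write away from johndoe.
ACL_WITH_DENY = ACL + [("deny_user", "johndoe", W)]


def fmt(bits):
    """Render rwx bits the way ls would."""
    return "".join(ch if bits & b else "-" for ch, b in (("r", R), ("w", W), ("x", X)))


if __name__ == "__main__":
    for who, groups in (("alice", {"users"}), ("bob", {"staff"}),
                        ("johndoe", {"staff"}), ("carol", {"guests"})):
        cum = effective_cumulative(ACL, who, groups, "alice", "users")
        deny = effective_with_deny(ACL_WITH_DENY, who, groups, "alice", "users")
        print(f"{who:8} cumulative={fmt(cum)}  with-deny={fmt(deny)}")
```

In the cumulative model johndoe ends up with the same `rw-` as every other member of `staff` despite the explicit zero-permission user entry, because any matching entry that grants a bit wins; the mask can only lower everyone's ceiling at once. The Deny entry removes exactly one bit from exactly one principal without touching the group, and because it is applied after the OR rather than by position in the list, it avoids the order dependence Tom identifies as the source of NT ACLs' unintuitiveness.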