On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote:
ACL's (Access Control Lists, for those who haven't heard the term
before), allow the administrator to have more fine-grained control
over access to the system.
However, the only system I'm familiar with that uses them is Windows
NT/2K/XP.
Maybe I should describe what I know of the ACL's implemented on top of
Unix then: I had some experience with a Solaris system, and I heard
that the (since withdrawn) POSIX ACL draft was very close to this.
It is much more simple than the NT ACL's:
There are 6 types of entries:
- (user | group) owner permissions
- other users permissions
- one specific (user|group) permissions
- the mask
Directories can additionally contain so-called "default values", that
is the ACL file created in this directory will contain initially. It
is unclear to me how this interacts with the umask (maybe the mask is
set to the umask).
An user has permission to do something if ANY entry of this file's ACL
gives him permission (modulo the mask, see below). So permissions are
cumulative: when you give a group permissions, you give it to all its
users, no exception. you can't say "all the 'staff' group has write
access, but not johndoe, even if he is member of the 'staff'
group". And only this file's ACL matters. There is no concept of
inheritance.
The mask is the maximal authorisations anyone (except the user owner)
can have. So the effective authorisations applying to an user is:
(bitwise or of all ACL entries that apply to him) bitwise and (the mask)
Does this "version" of ACL's calm your fears of ACL's being
"unintuitive"?