
Re: ACLs {Was: About the login shell}



On Wed, Aug 21, 2002 at 08:33:24AM +0200, Lionel Elie Mamane wrote:
> 
> Does this "version" of ACL's calm your fears of ACL's being
> "unintuitive"?

I think Novell NetWare had even more intuitive ACLs (but hard for the OS).

They were Supervisory, Read, Write, Create, Erase, Modify attributes,
see the File, grant Access.

The rights were inherited. If you wanted people to see your directory, you 
granted RF to everybody on that directory. You did not need to put any ACLs on 
its subdirs or files.

In addition there was an inheritance mask: you could restrict which rights are 
inherited at any place in the directory tree.

If the OS wanted to know what a user is allowed to do to a file, it collected 
that user's name and group names. It started with the file and an empty mask.
For each of the names that appears in the file's ACL and does not yet have any 
associated permissions, it associates any permission bits from the ACL
that do not appear in the mask with that name. Then it ORs the current mask with
the mask of the file and repeats with the file's parent, if any. Finally the rights 
are ORed.

-- 
Michal Suchanek
hramrach@centrum.cz
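
The evaluation walk described in the message above, as an added Python example that is not part of the original message and not NetWare code. It follows the message's wording, so the mask holds the rights that are blocked from inheritance; `Node`, `effective_rights` and the sample tree are hypothetical names constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntFlag
from typing import Dict, Iterable, Optional


class Rights(IntFlag):
    S = 1    # Supervisory
    R = 2    # Read
    W = 4    # Write
    C = 8    # Create
    E = 16   # Erase
    M = 32   # Modify attributes
    F = 64   # see the File
    A = 128  # grant Access


@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    acl: Dict[str, Rights] = field(default_factory=dict)  # name -> rights granted here
    blocked: Rights = Rights(0)  # rights this node stops from being inherited


def effective_rights(node: Optional[Node], user: str, groups: Iterable[str]) -> Rights:
    names = {user, *groups}
    found: Dict[str, Rights] = {}  # nearest ACL entry per name, already masked
    mask = Rights(0)               # rights blocked between the target and this node
    while node is not None:
        for who, granted in node.acl.items():
            if who in names and who not in found:
                found[who] = granted & ~mask
        mask |= node.blocked       # a node's mask only affects its ancestors' grants
        node = node.parent
    total = Rights(0)
    for granted in found.values():
        total |= granted           # rights of the user and all groups are ORed
    return total


# Constructed sample tree: /home/alice/{pub.txt, private/notes.txt}
home = Node("home", acl={"everyone": Rights.R | Rights.W | Rights.F})
alice = Node("alice", home, acl={"everyone": Rights.R | Rights.F})
private = Node("private", alice, acl={"staff": Rights.R | Rights.W}, blocked=Rights.R)
notes = Node("notes.txt", private)
pub = Node("pub.txt", alice)
```

In this tree a member of `everyone` keeps only F on `notes.txt` because `private` blocks R, while a member of `staff` still gets R there: an entry placed at or below a mask is not filtered by it, which matters when auditing who can actually read a "masked" subtree.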


