Re: ACLs {Was: About the login shell}
On Wed, Aug 21, 2002 at 08:33:24AM +0200, Lionel Elie Mamane wrote:
>
> Does this "version" of ACL's calm your fears of ACL's being
> "unintuitive"?
I think Nowell Netware had even more intuitive ACLs (but hard for the OS).
They were Supervisory,
Read, Write, Create, Erase, Modify attributes, see the File, grant Access
The rights were inherited. If you wanted people to see your directory you
grant RF to everybody on that directory. You do not need to put any ACLs on
its subdirs or files.
In addition there was inheritance mask: you could restrict which rights are
inherited at any place in the directory tree.
If the OS wanted to know what is an user allowed to do to a file, it collected
that user's name and group names. It started with the file and empty mask.
For each of the names that appears in the file's ACL and does not yet have any
associated permissions it associates any permission bits from the ACL
that do not appear in mask with that name. Then it ors current mask with
mask of the file and repeats with the file's parent, if any. Finally the rights
are ORed.
--
Michal Suchanek
hramrach@centrum.cz
Reply to: