
Re: permissions: can you force ACL to be effective over unix perms?



On Sat, Jan 11, 2014 at 09:41:19AM +0900, Joel Rees wrote:
> But I may be wrong. I don't use ACLs.

This normally sets alarm bells off in my head...
 
> I may be wrong here, but how could ACLs override the native
> permissions system randomly without opening tons of new opportunities
> for discovering vulnerabilities?

You do misunderstand what ACLs are for. Consider the classic UNIX
permission model and permitting the Apache httpd daemon to read your
web documents. Unless the httpd daemon is owner or a member of the group
for your web documents, you must set o+r. With ACLs, you can
specifically allow the httpd user to read the file(s), but nobody else.
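
The case described in this reply, modelled as an added example that is not part of the original message: a Python sketch of the access check algorithm documented in acl(5), run over a constructed file ACL. The uids and gids (1000 for the document owner, 33 for the httpd user, 1001 for an unrelated user) are assumptions made for illustration.

```python
# Added illustration: the access check algorithm from acl(5), on constructed data.
from dataclasses import dataclass, field, replace
from typing import Optional

R, W, X = 4, 2, 1

@dataclass
class Acl:
    owner: int                   # uid owning the file
    group: int                   # gid owning the file
    user_obj: int                # ACL_USER_OBJ: the mode's "u" bits
    group_obj: int               # ACL_GROUP_OBJ
    other: int                   # ACL_OTHER: the mode's "o" bits
    users: dict = field(default_factory=dict)    # named users, uid -> perms
    groups: dict = field(default_factory=dict)   # named groups, gid -> perms
    mask: Optional[int] = None   # ACL_MASK; None means a minimal ACL

def allowed(acl, uid, gids, want):
    """True if a process with this uid and gid set is granted every bit in want."""
    if uid == acl.owner:                     # 1. owner: only ACL_USER_OBJ counts
        return (acl.user_obj & want) == want
    mask = 7 if acl.mask is None else acl.mask
    if uid in acl.users:                     # 2. named user entry, capped by mask
        return (acl.users[uid] & mask & want) == want
    matched = [acl.group_obj] if acl.group in gids else []
    matched += [p for g, p in acl.groups.items() if g in gids]
    if matched:                              # 3. any matching group entry, capped by mask
        return any((p & mask & want) == want for p in matched)
    return (acl.other & want) == want        # 4. everyone else: ACL_OTHER

# Constructed file: owner 1000, mode 0640, plus the entry user:33:r-- (httpd).
DOC = Acl(owner=1000, group=1000, user_obj=R | W, group_obj=R, other=0,
          users={33: R}, mask=R)

def demo():
    return {
        "httpd": allowed(DOC, 33, {33}, R),            # granted by the named entry
        "httpd_write": allowed(DOC, 33, {33}, W),      # entry grants read only
        "stranger": allowed(DOC, 1001, {1001}, R),     # falls through to other
        # chmod 600 on a file with an extended ACL rewrites ACL_MASK to ---
        "httpd_after_chmod_600": allowed(replace(DOC, mask=0), 33, {33}, R),
    }

if __name__ == "__main__":
    for who, ok in demo().items():
        print(f"{who}: {'granted' if ok else 'denied'}")
```

The last case shows why the mode bits still matter: on a file with an extended ACL the group bits are the mask, so a later chmod can cap the httpd entry without removing it.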

