Vale_Kenny on Thu, 29 Jul 1999 14:49:38 -0400 (EDT)
from.. http://www.cs.uml.edu/~acahalan/linux/22wishlist.html

Implement Access Control Lists in ext2fs. You might want to look at hybrid systems of ACLs and capabilities. (gzipped PostScript file (www.cl.cam.ac.uk:80/ftp/papers/reports/TR326-sll-network.storage.architecture.ps.gz))

And I'd like to make a plea for role-based access control. Admittedly, it's not going to be terribly useful in a Linux system due to the limited number of users, but it would be nice anyway. I believe VMS has some nice features in this area (including the ability to lie about errors to prevent information leakage), though I wouldn't suggest even attempting to keep access control information private, and I doubt it would be practical to even enumerate all the covert channels, let alone close them down.

The question of what to do with programs that don't understand the new protection scheme, however, is a thorny one. I'd suggest some kind of per-process setting indicating whether to not report any information (i.e. all files apparently end up with mode 0) or whether to report some kind of dynamic derived mode, which has the disadvantage that you'll end up with a many-to-one mapping of protection status to mode (e.g. `foobar' is mode 440 to you, but mode 460 to someone else, because you only have read access whereas they have write access too). The former has the disadvantage that you won't be able to use off-the-shelf applications, and the latter might well cause all kinds of horrid (though rare) errors.

Categories of protection may also be a problem. RACF gets around this by having NONE, READ, MODIFY, ALTER, and this seems a reasonable solution. Another solution might be to specify groups of actions (read, write, open with read only, lock etc.).

courtesy, google.com

Regrettably, I didn't find anything really useful InRe. ACL on ext2fs, however, I did find this really nifty page dealing with ext2fs in general..
http://uranus.it.swin.edu.au/~jn/explore2fs/es2fs.htm

Kyle Burton <mortis@voicenet.com> on 07/29/99 02:00:54 PM

Please respond to plug@lists.nothinbut.net

To: PLUG - Philadelphia Area Linux Users Group <plug@lists.nothinbut.net>
cc: (bcc: Vale Kenny/Cntrct/VGI)
Subject: [Plug] ACL for linux?

Access Control Lists for the ext2 file system? For Linux in general? Or anything currently like it? RFCs, FAQs? Does anyone know where I can find out about ACLs? Any standards? We need one for a project we're doing (we = The Sycamor Group, my employer), and if we can't find one, we may write one... (see also Kevin Hill)

k

------------------------------------------------------------------------------
Except for 75% of the women, everyone in the whole world wants to have sex.
    -- Ellyn Mustard
mortis@voicenet.com http://www.voicenet.com/~mortis
------------------------------------------------------------------------------

_______________________________________________
Plug maillist - Plug@lists.nothinbut.net
http://lists.nothinbut.net/mail/listinfo/plug
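
The two per-process reporting options described in the quoted wishlist text (report mode 0, or report a dynamic derived mode), as an added example that is not part of the original messages and not ext2 or kernel code. The type names, the uids, and the derivation rule (owner slot from the owner's entry, group slot from the caller's own rights, other slot 0) are assumptions chosen to reproduce the 440/460 illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical types for illustration; not an ext2 or kernel interface. */
enum report_policy { REPORT_NONE, REPORT_DERIVED };   /* per-process setting */

struct acl_entry { unsigned uid; unsigned perms; };   /* perms: r=4, w=2, x=1 */

struct acl_file {
    unsigned owner;
    const struct acl_entry *acl;
    size_t n;
};

/* Rights the ACL grants to uid; no matching entry means no access. */
static unsigned acl_rights(const struct acl_file *f, unsigned uid)
{
    for (size_t i = 0; i < f->n; i++)
        if (f->acl[i].uid == uid)
            return f->acl[i].perms & 7u;
    return 0;
}

/* Mode shown to a legacy program running as `caller`.
 * Assumed rule: owner slot = owner's rights, group slot = caller's own
 * rights, other slot = 0 (nothing is revealed about third parties). */
unsigned reported_mode(const struct acl_file *f, unsigned caller,
                       enum report_policy policy)
{
    if (policy == REPORT_NONE)
        return 0;                      /* every file appears as mode 0 */
    return (acl_rights(f, f->owner) << 6) | (acl_rights(f, caller) << 3);
}

/* Constructed sample: `foobar` owned by uid 100. */
static const struct acl_entry foobar_acl[] = {
    { 100, 4 },   /* owner: read */
    { 201, 4 },   /* "you": read only */
    { 202, 6 },   /* "someone else": read + write */
};
const struct acl_file foobar = { 100, foobar_acl, 3 };

int main(void)
{
    printf("uid 201 sees %03o\n", reported_mode(&foobar, 201, REPORT_DERIVED));
    printf("uid 202 sees %03o\n", reported_mode(&foobar, 202, REPORT_DERIVED));
    printf("mode-0 policy: %03o\n", reported_mode(&foobar, 202, REPORT_NONE));
    return 0;
}
```

The same file yields a different mode per caller, and a caller with no ACL entry sees 400 regardless of how many other entries exist, which is the lossy mapping the wishlist text warns about.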