Jesse Pollard wrote:
> > The withdrawn POSIX draft only has rwx permissions. I have draft 17.
> >
>
> I do seem to remember some discussion about more being included (things
> like APPEND and EDIT_ACL permissions), but I didn't realize they never made it.
The POSIX Draft very carefully neither prohibits nor advocates
additional permissions. This is one of the reasons you can't
use numeric mode bit specifications in POSIX ACLs. There is also
the issue of mapping additional permissions onto mode bits
should one change an access ACL to consider.
The specification of additional access modes has significant impact
on a systems security policy. For example, if you put a DELETE
bit on a file you have changed the access policy for this operation
to depend on two objects (the containing directory and the file)
instead of the one (containing directory) which was involved
before. I'm not one to argue that this is either better or worse,
mirely that it's different and requires more accesses. From the
standpoint of the security model it's just another detail.
--Casey Schaufler Manager, Trust Technology, SGI casey@sgi.com voice: 650.933.1634 casey_p@pager.sgi.com Pager: 888.220.0607
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:29 EST