Re: what's next for the linux kernel?

[Howard Chu]

Howdy Luke...

Luke Kenneth Casson Leighton wrote:
> > If you can't do it with unix permissions or unix permissions + ACL,
> > you don't need to do it at all most likely, and even more likely
> > you

>  the bastion sftp example i gave which required selinux on top of a
>  much broader set of POSIX file permissions demonstrates the fallacy
>  of your statement.

>  try to achieve the same effect with POSIX - even POSIX ACLs (uploader
>  only has create and write, not read, not delete; downloader has read
>  and delete, not write, not create)

>  and you will fail, miserably, because under POSIX, write implies
>  create.

You're really muddying up the waters here. sftp is not POSIX. Like ftp, 
it presents an abstraction of a generic filesystem, and that abstraction 
lives at the application layer. As such, it is the application layer's 
responsibility to define what features may or may not be implemented. 
There are plenty of smart ftp servers that let you define precisely this 
type of ACLs for the ftp users. The fact that it is both possible and 
trivially easy to implement such an application on top of a POSIX 
runtime environment tells me that there's nothing broken here.

--
 -- Howard Chu
 Chief Architect, Symas Corp.  http://www.symas.com
 Director, Highland Sun        http://highlandsun.com/hyc
 OpenLDAP Core Team            http://www.openldap.org/project/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/