Re: foreign fs security features (was Re: NCPFS overhaul)

Albert D. Cahalan (acahalan@cs.uml.edu)
Sun, 5 Apr 1998 21:22:41 -0400 (EDT)


>> 29 GENERIC_EXECUTE gets mapped to specific rights
>> 30 GENERIC_WRITE gets mapped to specific rights
>> 31 GENERIC_READ gets mapped to specific rights
>>
>> Those last 3 are special. The OS maps them to object-specific
>> rights (bits 0 .. 15) as needed. For example, bit 2 can mean:
>>
>> create sub-key (registry)
>> append data (normal file)
>> add sub-dir (directory)
>> create pipe instance (named pipe)
>
> I don't understand this part. Could you explain further?

Security rights do not always match up across operating systems.
For example, write permission on a directory might let you add and
remove both files and directories. It might also give you other
rights, depending on the operating system.

You can enumerate all the individual rights that apply to a directory.
The rights that apply to files are completely different, etc.

POSIX write permission on a directory can be converted to a small
collection of special directory rights that are _different_ from
the rights associated with POSIX write permission on a file.
If the operating system uses simple object-specific rights, it can
support multiple security systems by mapping all systems to the
simple object-specific rights. It becomes easy to handle Coda,
Novell Netware, etc.

When you ask such a system for GENERIC_WRITE access, your request
gets mapped to a request for several simple object-specific rights.

Here are some of the object-specific rights that NT uses:

bit  REGISTRY            FILE          DIRECTORY     PIPE
0    query value         read data     list          read data
1    set value           write data    add file      write data
2    create sub-key      append data   add sub-dir   create pipe instance
3    enumerate sub-keys  read EA       read EA       -
4    notify              exec          traverse      -
5    create link         -             delete child  -
6    -                   read attrib   read attrib   read attrib
7    -                   write attrib  write attrib  write attrib

POSIX write permission on a directory would give at least
bits 1, 2, and 5. Novell Netware write permission on a directory
might not give you bit 5, but it might give you bit 7.

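The mapping described in the message above, as an added example that is not part of the original post or of any kernel source: a GENERIC_WRITE request is expanded through a per-security-model table into directory-specific bits, and the access check then runs on those bits alone. The names `generic_map`, `map_generic`, `access_ok`, `posix_dir` and `netware_dir` are hypothetical. The read and execute sets are assumptions, and the Netware write set models the message's "might" case (bits 1, 2, 7).

```c
#include <stdint.h>
#include <stdio.h>

/* Generic bits, numbered as in the quoted text (bits 29..31). */
#define GENERIC_EXECUTE (1u << 29)
#define GENERIC_WRITE   (1u << 30)
#define GENERIC_READ    (1u << 31)

/* Directory-specific bits, from the DIRECTORY column of the table. */
enum {
    DIR_LIST = 1u << 0, DIR_ADD_FILE = 1u << 1, DIR_ADD_SUBDIR = 1u << 2,
    DIR_READ_EA = 1u << 3, DIR_TRAVERSE = 1u << 4, DIR_DELETE_CHILD = 1u << 5,
    DIR_READ_ATTR = 1u << 6, DIR_WRITE_ATTR = 1u << 7
};

/* Hypothetical mapping table: what each generic right expands to. */
struct generic_map { uint32_t read, write, execute; };

/* Assumed directory mappings; only the write sets follow the message. */
static const struct generic_map posix_dir = {
    DIR_LIST | DIR_READ_EA | DIR_READ_ATTR,
    DIR_ADD_FILE | DIR_ADD_SUBDIR | DIR_DELETE_CHILD,   /* bits 1, 2, 5 */
    DIR_TRAVERSE };
static const struct generic_map netware_dir = {
    DIR_LIST | DIR_READ_EA | DIR_READ_ATTR,
    DIR_ADD_FILE | DIR_ADD_SUBDIR | DIR_WRITE_ATTR,     /* bits 1, 2, 7 */
    DIR_TRAVERSE };

/* Expand generic bits into specific ones; generic bits never survive. */
static uint32_t map_generic(uint32_t mask, const struct generic_map *m)
{
    uint32_t out = mask & 0xFFFFu;   /* keep object-specific bits 0..15 */
    if (mask & GENERIC_READ)    out |= m->read;
    if (mask & GENERIC_WRITE)   out |= m->write;
    if (mask & GENERIC_EXECUTE) out |= m->execute;
    return out;
}

/* Allow only if every wanted specific right is in the granted set. */
static int access_ok(uint32_t wanted, uint32_t granted)
{
    return (wanted & ~granted) == 0;
}

int main(void)
{
    uint32_t nw = map_generic(GENERIC_WRITE, &netware_dir);
    printf("netware=0x%02x del=%d\n", (unsigned)nw, access_ok(DIR_DELETE_CHILD, nw));
    return 0;
}
```

With these tables, the same "write" grant permits deleting a child under the POSIX mapping but not under the Netware one, which is why the check has to be made on the specific bits rather than on the generic one.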