User space ACLs (was Re: [NOT OFFTOPIC] Re: groups)

Tim Smith (tzs@tzs.net)
Mon, 7 Sep 1998 10:00:41 -0700 (PDT)


There was an interesting approach to ACLs in TOPS-10, that might be worth
playing around with in Linux. There was a daemon, called the file daemon.
Whenever an attempt to access a file failed because of a permission problem,
the kernel would ask the file daemon if that access should really be allowed.

The file daemon would consult an access list, and make its decision. The
access list was simply a file named ACCESS.USR (I don't recall if there
could be one in each directory, or if there was a single one per user in
that user's home directory).

ACCESS.USR consisted of a series of lines that specified files, accessors,
and permissions. Wildcards were allowed. E.g., you could say *.txt to have
a line apply to all files ending in .txt, or *.* to hit all files (handy to
provide a default in case no earlier line matched a particular file).

Accessors could be specified by user or group (with wildcards allowed), or by
program, or both. E.g., you could specify that scores.dat could be written
by any user if the program doing the writing was a particular game.

There was a bit somewhere you could set to tell the kernel not to consult
the file daemon for you.

You do have to be careful implementing this kind of thing. There were several
security bugs related to file daemon, mostly involving, I seem to recall, the
kernel and file daemon getting out of sync over which answer from file
daemon corresponded to which request from the kernel.

One nice thing about the file daemon/ACCESS.USR approach is that since the
ACLs are not stored with the files but rather in ACCESS.USR, users tend not
to think it at all strange that when they move a file, the ACL doesn't
follow it, so you don't end up having to rewrite all the normal file utilities
to know about ACLs!

--Tim Smith
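
The scheme described in the message above, sketched as an added example that is not part of the original post and not TOPS-10 code: first-match evaluation of access lines, plus a request id echoed back with every answer so the requester can refuse an answer that does not belong to the pending request (the out-of-sync failure the message mentions). The rule format, class and function names, and sample rules are constructed for illustration and are not real ACCESS.USR syntax.

```python
import fnmatch
import itertools

# Constructed rules in a hypothetical format (not real ACCESS.USR syntax):
# (file pattern, user pattern, program pattern, allowed access modes)
RULES = [
    ("scores.dat", "*", "game", {"read", "write"}),
    ("*.txt", "alice", "*", {"read"}),
    ("*.*", "*", "*", set()),  # default line: deny whatever no earlier line matched
]

def decide(rules, filename, user, program, mode):
    """First matching line wins; no matching line at all means deny."""
    for file_pat, user_pat, prog_pat, modes in rules:
        if (fnmatch.fnmatchcase(filename, file_pat)
                and fnmatch.fnmatchcase(user, user_pat)
                and fnmatch.fnmatchcase(program, prog_pat)):
            return mode in modes
    return False

class Requester:
    """Kernel-side stand-in: tags each query so answers cannot be mismatched."""

    def __init__(self):
        self._ids = itertools.count(1)
        self._pending = {}

    def ask(self, filename, user, program, mode):
        req_id = next(self._ids)
        self._pending[req_id] = (filename, user, program, mode)
        return req_id, self._pending[req_id]

    def accept(self, req_id, echoed_request, allowed):
        """Apply an answer only if it names a pending request and echoes it exactly."""
        expected = self._pending.pop(req_id, None)
        if expected is None or echoed_request != expected:
            return False  # unknown, replayed or mismatched answer: fail closed
        return allowed is True

def daemon_answer(rules, req_id, request):
    """Daemon-side stand-in: returns the id and the request with the decision."""
    return req_id, request, decide(rules, *request)
```
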
