Re: User space ACLs (was Re: [NOT OFFTOPIC] Re: groups)

Alexander Kjeldaas (astor@guardian.no)
Mon, 7 Sep 1998 21:33:18 +0200


On Mon, Sep 07, 1998 at 10:00:41AM -0700, Tim Smith wrote:
> There was an interesting approach to ACLs in TOPS-10, that might be worth
> playing around with in Linux. There was a daemon, called the file daemon.
> Whenever an attempt to access a file failed because of a permission problem,
> the kernel would ask the file daemon if that access should really be allowed.
>
> The file daemon would consult an access list, and make its decision. The
> access list was simply a file named ACCESS.USR (I don't recall if there
> could be one in each directory, or if there was a single one per user in
> that user's home directory).
>

We'd better do this in user-space - it is pretty straightforward
using file-descriptor passing. I see no benefit in having the kernel
speak to a user-level daemon, and you say there were synchronization
holes in their system. Btw, this technique can also be applied to
other areas such as getting access to service ports. I have plans to
implement this (for ports), but I have a diploma to write. :-)

astor

-- 
 Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway
 http://www.guardian.no/

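The file-descriptor passing approach mentioned in the message above, as an added example that is not part of the original post: a user-space ACL daemon opens the file itself and hands the descriptor to the client over a Unix socket with `SCM_RIGHTS`. The names `acl_allows`, `daemon_reply`, `client_recv` and `request_file`, the uid 1000 rule and the 'A'/'D' status byte are hypothetical; the uid is passed in as a parameter here, where a real daemon would take it from the socket's peer credentials (`SO_PEERCRED` on Linux).

```c
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>
typedef union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } fdbuf;

/* Hypothetical ACL (constructed for the example): only uid 1000 may have the file. */
static int acl_allows(uid_t uid) { return uid == 1000; }

/* Daemon side: open the file itself and pass the descriptor if the ACL agrees. */
static int daemon_reply(int sock, uid_t uid, const char *path) {
    char status = 'D';                       /* 'D' = denied, 'A' = allowed */
    fdbuf u; memset(&u, 0, sizeof u);
    struct iovec iov = { &status, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1 };
    int fd = acl_allows(uid) ? open(path, O_RDONLY) : -1;
    if (fd >= 0) {
        status = 'A';
        msg.msg_control = u.buf; msg.msg_controllen = sizeof u.buf;
        struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
        c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
        c->cmsg_len = CMSG_LEN(sizeof fd);
        memcpy(CMSG_DATA(c), &fd, sizeof fd);
    }
    ssize_t n = sendmsg(sock, &msg, 0);
    if (fd >= 0) close(fd);                  /* the receiver holds its own copy */
    return n == 1 ? 0 : -1;
}

/* Client side: returns the received descriptor, or -1 when access was denied. */
static int client_recv(int sock) {
    char status = 0; int fd = -1; fdbuf u;
    struct iovec iov = { &status, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = u.buf, .msg_controllen = sizeof u.buf };
    if (recvmsg(sock, &msg, 0) != 1 || status != 'A') return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (c && c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(c), sizeof fd);
    return fd;
}

/* One request/reply round trip over a socketpair, both ends in this process. */
int request_file(uid_t uid, const char *path) {
    int sv[2], fd = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if (daemon_reply(sv[0], uid, path) == 0) fd = client_recv(sv[1]);
    close(sv[0]); close(sv[1]);
    return fd;
}
```

The client never needs permission on the file itself: the access decision and the `open()` both happen in the daemon, and only an already-open descriptor crosses the socket.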