Re: linux capabilities and ACLs

Mirian Crzig Lennox (mirian@xensei.com)
05 Feb 1999 13:37:55 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Linus Torvalds: "Linux-2.2.2-pre2.."
Previous message: G. Allen Morris III: "Re: NFSD error: dentry not negative!"
In reply to: john halewood: "Re: linux capabilities and ACLs"

john halewood <john@firewall.unidec.co.uk> writes:
>
> not quite. denial is always applied first. in fact, the thing
> that's been missing from this discussion is any mention
> of VMS, which has probably the most complete ACL implementation
> I've seen. it was borrowed (sometimes almost byte for byte) by
> n*t, although they left out some of the more obscure bits.
> I never could get the hang of being able to execute programs
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> even though i couldn't read the contents of the directory
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> that they resided in, or even read them themselves.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Get ready for a shock, then:

(On a machine running Redhat Linux 5.2):

$ mkdir foo
$ cp /bin/date foo
$ chmod 100 foo/date
$ chmod 100 foo
$ ls foo
ls: foo: Permission denied
$ cat foo/date
cat: foo/date: Permission denied
$ ./foo/date
Fri Feb 5 13:28:53 EST 1999

You don't need ACLs to pull this little trick; ordinary POSIX
permissions will do.

-- Mirian Crzig Lennox Systems Anarchist "There's a New World Order coming every minute. Make mine extra cheese."

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Linux-2.2.2-pre2.."
Previous message: G. Allen Morris III: "Re: NFSD error: dentry not negative!"
In reply to: john halewood: "Re: linux capabilities and ACLs"