Re: Ext3 filesystem info?

Jesse Pollard (pollard@tomcat.admin.navo.hpc.mil)
Tue, 21 Sep 1999 07:23:16 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Falco Hirschenberger: "Re: Unknown SCSI card"
Previous message: David Wragg: "Re: bug in socket.h (and maybe many other kernel headerfiles)"
Maybe in reply to: Alex: "Ext3 filesystem info?"
Next in thread: Jeff Haumont: "Re: Ext3 filesystem info?"

>From oxymoron@waste.org Mon Sep 20 18:30:28 1999
>On Mon, 20 Sep 1999, Theodore Y. Ts'o wrote:
>> The problem is that different, already established filesystems: AFS,
>> Coda, NTFS, etc., all have different ACL semantics. For example, AFS
>> only has an ACL on a per-directory basis. I'm not sure about Coda, but
>> it may be the same as AFS. NTFS uses 128 bit UUID's in its ACL's to
>> name users and groups. The POSIX acl interface uses uid_t and gid_t for
>> user and group id's.
>>
>> So it would be *nice* to do this, but there's quite a lot of design work
>> to make the interfaces similar enough that a single interface could be
>> used at both the UI and system call level. I won't say that it's
>> impossible, but it's definitely non-trivial.
>
>Not to mention that auditing a system using ACLs for security is much*
>more difficult. And that such a system would break all mature UNIX
>tools' notions of what is secure. ACLs tend to be an answer for people who
>are asking the wrong question anyway.

How does a user grant crontroled access to a file to a single other user
not in his process group? (or a single user IN the process group, but not
ALL users in the process group?)

Setuid programs are not a safe way to do it since this technique is error
prone, and people do not pay enough attention to the details. Besides it does
not or is not capable of supporting certain file operations in a transparent
manner, the user accessing a file this way must copy it first. Then re-copy
it in case there have been changes... nevermind the possiblility that the
file is a journal/log file that constantly grows.

ACLs are a way a user may choose to grant controled access to file(s) to a
single other user, grant access to a predefined group of users, or deny
access to a user or group of users.

If this is the wrong question, what is the right question?
-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Falco Hirschenberger: "Re: Unknown SCSI card"
Previous message: David Wragg: "Re: bug in socket.h (and maybe many other kernel headerfiles)"
Maybe in reply to: Alex: "Ext3 filesystem info?"
Next in thread: Jeff Haumont: "Re: Ext3 filesystem info?"