> case, what it sounds like you're doing really is trying to protect
> the user from himself, which is not what I generally consider
No, protection from self would be mandatory _default_ controls.
This is rather nice I think, with auditing for overrides...
Mandatory Access Control is intended to hinder spies. If a competitor
wants all your sales contacts, they could use a spy. This spy could
try to email your database out or put it on a Zip disk. Mandatory
access control makes this task very difficult and slow, even if the
spy is allowed to keep a private copy of the database in their home
directory and is allowed to transfer huge files to anywhere desired.
Don't bother with the printer either -- all sheets get marked in huge
letters at top and bottom.
>>> Also, things are
>>> far more complex to review if any user can give access to anyone through
>>> acls. The acls are not seen directly with ls
>>
>> ls is fixable. Possibly by extending "ls -l" to show acl's or at
>> least indicate in some way that acl's are present. The latter may
>> be preferable to avoid script incompatibilities, sonething like this:
>> Arw-r--r-- 1 helge helge 140 Feb 9 1999 .bash_profile
>> The 'A' indicates that acl(s) are present, the user may then use
>> something like "ls --acl" and get the full acl information.
This is already defined by standards and convention.
The standard: add one extra character after the mode
Convention: add a '+' to indicate an ACL
-rw-rw-r-- 1 albert albert 25275 Feb 17 1999 plain-file
-rw-rw-r--+ 1 albert albert 3049 Sep 8 21:06 regular-ACL
-rw-rw-r--/ 1 albert albert 6304 Sep 8 15:51 legal-but-odd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/