| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Aug 2007 13:34:44 -0400 From: Phillip Susi <psusi@....rr.com> To: Kyle Moffett <mrmacman_g4@....com> CC: Michael Tharp <gxti@...tiallystapled.com>, alan <alan@...eserver.org>, Marc Perkel <mperkel@...oo.com>, LKML Kernel <linux-kernel@...r.kernel.org>, Lennart Sorensen <lsorense@...lub.uwaterloo.ca> Subject: Re: Thinking outside the box on file systems Kyle Moffett wrote: > Going even further in this direction, the following POSIX ACL on the > directories will do what you want: > > ## Note: file owner and group are kmoffett > u::rw- > g::rw- > u:lsorens:rw- > u:mtharp:rw- > u:mperkel:rw- > g:randomcvsdudes:r- > default:u::rw- > default:g::rw- > default:u:lsorens > default:u:mtharp:rw- > default:u:mperkel:rw- > default:g:randomcvsdudes:r- The problem that I have with this setup is that it specifies an ACL on EACH file. Yes, you can set a default on the directory for newly created files, but what if I want to add a user to the access list for that whole directory? I have to individually update every acl on every file in that directory. Also if you move a file created elsewhere into that directory, it retains its existing permissions doesn't it? I would rather just add a new ace to the directory itself which specifies that it applies to the entire tree. Then you only need to store a single acl on disk, and only have to update one acl to add a new user. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists