[ACL-Devel] Re: OT: ACLs for Linux
Peter Astrand
altic@lysator.liu.se
Mon, 10 Apr 2000 09:18:14 +0200 (CEST)
> Actually it is a *lack* of flexibility that is desired. More
> complexity = more difficult security policy to prove correct.
...
> Could be beauty or not -- if the sysadmin doesn't want to
> administer such a system, can they turn off user creation? For
> example -- Users might think they are doing a good thing by giving
> 'joe' (original toolie admin) access to their files/directories with
> an ACL. But when 'joe' moves on to a different area, it becomes more
> of a maintenance headache to modify all the appropriate ACL's.
I've worked with systems that have ACLs (Windows NT, VMS, Solaris), and I
think ACLs are *much* better than the standard UGO-scheme. It's true that
it can be hard to maintain a system where users directly are given
permissions to resources, therefore you should create groups when
appropriate. But group creation can only be done by administrators; still,
sometimes it's very useful to be able to give friends access to files
without having to beg the sysadmin. The Windows NT documentation
recommends to always assign permissions to groups instead of individual
users, and this is good advice.
There is especially one extra thing I'd like to see in a Linux ACL
implementation: The ability to grant non-owners of a file access to change
file permissions. Currently, this can be done via a trick: If you are a
member of a group that has r+w access on the file's directory, you can
copy+delete the file to take ownership. But this is a quite ugly
solution...
/Peter Astrand <altic@lysator.liu.se>
-------------------------------------------------------------------------
Linux ACL Developers List --- http://acl.bestbits.at/acl-devel/
-------------------------------------------------------------------------
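An audit for the precondition behind the copy+delete trick mentioned in the message above, added here as an example and not part of the original post or of any ACL project's code. It lists files whose parent directory grants write and search permission to group or other without the sticky bit; the directory and file names in the demo tree are constructed.

```python
import os
import shutil
import stat
import tempfile

def replaceable_files(root):
    """List regular files that a non-owner could delete and re-create.

    The precondition is write+search permission on the parent directory
    for group or other, with no sticky bit; the file's own mode bits do
    not prevent the unlink.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        if dmode & stat.S_ISVTX:
            continue  # sticky: only the file or directory owner (or root) may unlink
        who = [name for name, w, x in (("group", stat.S_IWGRP, stat.S_IXGRP),
                                       ("other", stat.S_IWOTH, stat.S_IXOTH))
               if dmode & w and dmode & x]
        if not who:
            continue
        for fname in sorted(files):
            path = os.path.join(dirpath, fname)
            fmode = os.lstat(path).st_mode
            if stat.S_ISREG(fmode):
                # Copying the contents first also needs read access to the file.
                readable = bool(fmode & (stat.S_IRGRP | stat.S_IROTH))
                findings.append((os.path.relpath(path, root), "+".join(who), readable))
    return sorted(findings)

def demo():
    """Build a constructed tree (hypothetical names) and audit it."""
    root = tempfile.mkdtemp()
    try:
        for d, dmode, fmode in (("shared", 0o775, 0o640),     # group-writable
                                ("dropbox", 0o1777, 0o644),   # sticky, like /tmp
                                ("private", 0o755, 0o600)):   # owner-only writes
            os.mkdir(os.path.join(root, d))
            fpath = os.path.join(root, d, "report.txt")
            with open(fpath, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(fpath, fmode)
            os.chmod(os.path.join(root, d), dmode)
        return replaceable_files(root)
    finally:
        shutil.rmtree(root)

if __name__ == "__main__":
    print(demo())
```

Only the file in the group-writable, non-sticky directory is reported; the third field says whether the file's mode grants read beyond the owner, which the copy step needs.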