[comp.unix.wizards] ACL lists

gt0178a@prism.gatech.EDU (Jim Burns) (06/24/91)

in article <BZS.91Jun22125410@world.std.com>, bzs@world.std.com (Barry Shein) says:

> One common reason this comes up is to implement access list protection
> (where we store a list of pairs, user/permissions.) This is required
> (or the accepted way to meet standards) by one of the Orange Book
> classifications (B2 I believe.)

I rather liked the IDEA of ACL lists, being first exposed (briefly) to
them in VMS. The one implementation of them I saw, tho', HP-UX 7.0's, had
a flaw that any time you use 'chmod', it wipes out the ACL list. Seems to
me that chmod should just change the base permissions in the ACL list, not
wipe them out. Chmod permissions and ACL permissions should be more
closely integrated, possibly wiping out conflicting ACL requirements, but
not wiping them out altogether. I hope this practice is NOT 'an accepted
way to meet standards', and not part of POSIX, etc. Any comments?
-- 
BURNS,JIM (returned student)
Georgia Institute of Technology, 30178 Georgia Tech Station,
Atlanta Georgia, 30332            | Internet: gt0178a@prism.gatech.edu
uucp:	  ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!prism!gt0178a

shankar@hpcupt3.cup.hp.com (Shankar Unni) (06/26/91)

SLIGHT DRIFT:

In comp.unix.wizards, gt0178a@prism.gatech.EDU (Jim Burns) writes:

> The one implementation of them I saw, tho', HP-UX 7.0's, had
> a flaw that any time you use 'chmod', it wipes out the ACL list. 

Check the -A option to chmod. "preserves the ACL list". It doesn't actually
modify the ACLs, because there is no simple mapping between ACLs and
ordinary Unix permissions. Instead, there is chacl(1).

BACK TO THE FEATURE FLAMES...
-----
Shankar Unni                                   E-Mail:
HP India Software Operation, Bangalore       Internet: shankar@india.hp.com
Phone : +91-812-261254 x417                      UUCP: ...!hplabs!hpda!shankar

pd@x.co.uk (Paul Davey) (06/27/91)

>>>>> On 24 Jun 91 10:28:05 GMT, gt0178a@prism.gatech.EDU (Jim Burns) said:

Jim> in article <BZS.91Jun22125410@world.std.com>, bzs@world.std.com (Barry Shein) says:

Jim> I rather liked the IDEA of ACL lists, being first exposed (briefly) to
Jim> them in VMS. The one implementation of them I saw, tho', HP-UX 7.0's, had
Jim> a flaw that any time you use 'chmod', it wipes out the ACL list. Seems to
Jim> me that chmod should just change the base permissions in the ACL list, not
Jim> wipe them out. Chmod permissions and ACL permissions should be more
Jim> closely integrated, possibly wiping out conflicting ACL requirements, but
Jim> not wiping them out altogether. I hope this practice is NOT 'an accepted
Jim> way to meet standards', and not part of POSIX, etc. Any comments?

The best implementation I've seen of ACLs under Unix is in Apollo's
DomainOS (after SR10). Extended permissions could be masked out by a
chmod a-w, but the information was stored and could be recalculated
via an option to the `chacl' command. (There is also an `lsacl').

The ACL schemes I've seen in HP-UX and AIX do not seem as well designed
to me in both concept and ease of use.

The Apollo method also allowed keep and protect permission (required
by Aegis) to be specified for file objects, keep being the inability
to delete a file, protect being the right to change the permissions.

The other major change was that Apollos have a super-group called
organisation, which is a level of grouping between group and world.
This was hidden from the unix tools, but visible via the ACLs.

Apollo's pre SR10 Unix permissions (in Domain-IX) were a scream however.
Unix mode was implemented in terms of ACLs in an ACL-cache which could
get corrupted with *bizarre* results. At SR10 key ACLs (basically
those synonymous with the unix permissions) were moved into the
equivalent of the inode (Domain file systems are distributed over all
Apollo nodes), which can hold a pointer to a block of extended
(normal style) ACLs.

ACLs are very good for security (Unix permissions are too wide for the
higher orange book levels), but in my experience they are too much
trouble to administer on a day to day level for most files. They allow
very great control of permissions on specific files and users or
groups.




--
 Regards,			 pd@x.co.uk          IXI Limited
	Paul Davey		 pd@ixi.uucp         62-74 Burleigh St.
				 ...!uunet!ixi!pd    Cambridge  U.K.
 "These are interesting times"   +44 223 462 131     CB1  1OJ      
				 USA: 1 800 XDESK 57
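
The three chmod/ACL interactions described in the thread up to this point (extended entries wiped, entries preserved untouched, entries masked but stored for later recalculation), as an added toy model. It is not written by any poster and is not HP-UX or DomainOS code; the class, function and policy names and the sample user `alice` are hypothetical, and a user without an ACL entry simply falls into the "other" class.

```python
# Simplified model, constructed for illustration: permissions are sets of "r", "w", "x".
from dataclasses import dataclass, field

@dataclass
class FileObj:
    base: dict                                   # {"owner": set, "group": set, "other": set}
    acl: dict = field(default_factory=dict)      # extended entries: user -> set of perms
    mask: set = field(default_factory=lambda: set("rwx"))

    def effective(self, user):
        """Perms for a user named in the ACL (capped by the mask), else the 'other' class."""
        if user in self.acl:
            return self.acl[user] & self.mask
        return set(self.base["other"])

def chmod_remove(f, perm, policy):
    """Model of `chmod a-<perm>` under one of the three behaviours in the thread."""
    for cls in f.base:
        f.base[cls].discard(perm)
    if policy == "wipe":          # extended entries are discarded along with the change
        f.acl.clear()
    elif policy == "preserve":    # extended entries are left exactly as they were
        pass
    elif policy == "mask":        # entries are kept but capped by a stored mask
        f.mask.discard(perm)
    else:
        raise ValueError(policy)

def recalculate(f):
    """Model of re-enabling whatever extended entries are still stored."""
    f.mask = set("rwx")

def demo(policy):
    """Return alice's effective perms after `chmod a-w`, then after recalculation."""
    f = FileObj(base={"owner": set("rw"), "group": set("r"), "other": set("r")},
                acl={"alice": set("rw")})        # constructed sample entry
    chmod_remove(f, "w", policy)
    after = "".join(sorted(f.effective("alice")))
    recalculate(f)
    restored = "".join(sorted(f.effective("alice")))
    return after, restored

if __name__ == "__main__":
    for policy in ("wipe", "preserve", "mask"):
        print(policy, demo(policy))
```

Under "preserve" the named user keeps write access after `chmod a-w`, which is the case an administrator auditing only the mode bits would miss; under "wipe" the grant cannot be recovered.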

goldfish@concour.cs.concordia.ca (Paul Goldsmith) (06/28/91)

In article <49110001@hpcupt3.cup.hp.com> shankar@hpcupt3.cup.hp.com (Shankar Unni) writes:
|SLIGHT DRIFT:
|
|In comp.unix.wizards, gt0178a@prism.gatech.EDU (Jim Burns) writes:
|
|> The one implementation of them I saw, tho', HP-UX 7.0's, had
|> a flaw that any time you use 'chmod', it wipes out the ACL list. 
|
|Check the -A option to chmod. "preserves the ACL list". It doesn't actually
|modify the ACLs, because there is no simple mapping between ACLs and
|ordinary Unix permissions. Instead, there is chacl(1).
|
|BACK TO THE FEATURE FLAMES...
|-----
|Shankar Unni                                   E-Mail:
|HP India Software Operation, Bangalore       Internet: shankar@india.hp.com
|Phone : +91-812-261254 x417                      UUCP: ...!hplabs!hpda!shankar

Are you sure that you are talking about a HP product?  Last time I
looked, ACL were part of the APOLLO operating system that HP has been
killing for the last two years.  I would be surprised that HP was
supporting a non-mainstream (non-POSIX) feature, and based on their
treatment of Apollo DOMAIN-OS, they wouldn't know what to do with a
good idea if it fell in their laps (which it did, and they didn't)
--
--	  Paul Goldsmith
<goldfish@concour.cs.concordia.ca>				 (514) 848-3031
	(Shirley Maclaine told me there would be LIFETIMES like this)
      the future isn't what it used to be; and possibly, never was (ao)

schwartz@roke.cs.psu.edu (Scott Schwartz) (06/28/91)

In article <PD.91Jun27110637@powys.x.co.uk> pd@x.co.uk (Paul Davey) writes:
| ACLs are very good for security ...  but in my experience they are
| too much trouble to administer on a day to day level for most files.

I had just the opposite experience with Primos, where objects use the
ACL of the directory they are in unless you specifically set one.
File protections were no trouble at all -- much easier than in Unix,
especially if you were sharing things.

pd@x.co.uk (Paul Davey) (06/28/91)

>>>>> On 27 Jun 91 17:19:49 GMT, goldfish@concour.cs.concordia.ca (Paul Goldsmith) said:

-> Are you sure that you are talking about a HP product?  Last time I
-> looked, ACL were part of the APOLLO operating system that HP has been
-> killing for the last two years.  I would be surprised that HP was
-> supporting a non-mainstream (non-POSIX) feature, and based on their
-> treatment of Apollo DOMAIN-OS, they wouldn't know what to do with a
-> good idea if it fell in their laps (which it did, and they didn't)

HP-UX has a different implementation of ACLs to DomainOS. As I said in
a previous posting the ACLs in DomainOS are IMHO superior to those in
HP-UX. Of course Apollo Domain is an HP product now anyway...

Anybody know what OSF/1 has in it? Different again?

--
 Regards,			 pd@x.co.uk          IXI Limited
	Paul Davey		 pd@ixi.uucp         62-74 Burleigh St.
				 ...!uunet!ixi!pd    Cambridge  U.K.
 "These are interesting times"   +44 223 462 131     CB1  1OJ      
				 USA: 1 800 XDESK 57

jfh@rpp386.cactus.org (John F Haugh II) (06/28/91)

In article <598@daily-planet.concordia.ca> goldfish@concour.cs.concordia.ca (Paul Goldsmith) writes:
>                                 I would be surprised that HP was
>supporting a non-mainstream (non-POSIX) feature, and based on their
>treatment of Apollo DOMAIN-OS, they wouldn't know what to do with a
>good idea if it fell in their laps (which it did, and they didn't)

There are POSIX ACLs.  Please refer to 1003.6 for more details.

I'm not saying that HP-UX or DOMAIN-OS uses POSIX ACLs, but there
is an emerging standard that will one day give us ACLs ...
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) |  Domain: jfh@rpp386.cactus.org
"UNIX signals are not interrupts.  Worse, SIGCHLD/SIGCLD is not even a UNIX
 signal, it's an abomination."  -- Doug Gwyn

paul@prcrs.prc.com (Paul Hite) (06/28/91)

In article <598@daily-planet.concordia.ca>, goldfish@concour.cs.concordia.ca (Paul Goldsmith) writes:
< In article <49110001@hpcupt3.cup.hp.com> shankar@hpcupt3.cup.hp.com (Shankar Unni) writes:
< |Check the -A option to chmod. "preserves the ACL list". It doesn't actually
< |modify the ACLs, because there is no simple mapping between ACLs and
< |ordinary Unix permissions. Instead, there is chacl(1).
< 
< Are you sure that you are talking about a HP product?  Last time I
< looked, ACL were part of the APOLLO operating system that HP has been
< killing for the last two years.  I would be surprised that HP was
< supporting a non-mainstream (non-POSIX) feature, 

Well, SURPRISE!  ACL's are indeed in HP-UX 7.0 and HP-UX 8.0.  It must be
*quite* a while since you've looked...

Paul Hite   PRC Realty Systems  McLean,Va   paul@prcrs.prc.com    (703) 556-2243
    "We are trying to bring up an Air Traffic Control display on an X window 
      terminal and there seems to be some problems." -- from comp.windows.x