GBOPOLY1@NUSVM.BITNET (fclim) (12/05/88)
i refer to my previous comments on aegis acls. after some discussion with colleagues, i decided that i don't like the "additional" acl rights -- p, g, n, c, a, l, s, e, and d. these may cause more damage as they confuse users who would then give the wrong rights.

i still prefer unix rwx on files and directories but with the introduction of lists so that users may define their own groups.

as in unix, the file system should keep a record of the owner of the file or directory; only the user or root (or sys_admin) may be allowed to chmod the file's permission. (i.e. only the user or root has the p rights.) the group and other fields in the file permission should be replaced by a list. for example,

    % ls -l foo
    -rw- 1 haha * * foo

says that the file foo is owned by foo. so only foo and root may change the rights on foo.

    % /com/acl foo
    acls on file foo:
    haha.%.%.%  rw-
    bar.%.%.%   rw-
    fubaz.%.%   r--
    %.%.%.%     ---

says that haha and bar (and root) may edit the file; fubaz may only read the file and all others have no rights. here, fubaz and foo may not be in the same group and other users in foo's group may be denied access.

as in unix, an 'r' right on a directory means ls may list the directory (like an 's' acl right); a 'w' allows the account to create a file (or a directory), create a link, and to delete subordinate objects (files, directories or links); and an 'x' allows users to search or access files in that directory.

a hard or soft linked object has the same rights as the original object.

finally, i believe that unix's set-uid bit should be replaced by the aegis concept of a sub-system as this is much better in terms of security besides other benefits.

fclim
---
gbopoly1 % nusvm.bitnet @ cunyvm.cuny.edu
computer centre
singapore polytechnic
dover road
singapore 0513.
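
The list-based rwx check proposed in the post above, as an added Python example that is not part of the original post. It assumes first-match evaluation in listed order, pads the three-field `fubaz.%.%` entry with `%`, and takes the owner (`haha`) from the `ls` output; the class and function names and the subject SIDs are hypothetical.

```python
from dataclasses import dataclass, field

WILDCARD = "%"
FIELDS = 4  # four dot-separated fields, as in the entries shown in the post


def parse_sid(text):
    """Split an SID; missing trailing fields are padded with '%' (assumption)."""
    parts = text.split(".")
    if not 1 <= len(parts) <= FIELDS or any(p == "" for p in parts):
        raise ValueError(f"bad SID: {text!r}")
    return tuple(parts + [WILDCARD] * (FIELDS - len(parts)))


def parse_rights(text):
    """Turn 'rw-' into {'r', 'w'}; each position must be its letter or '-'."""
    if len(text) != 3 or any(c not in (want, "-") for c, want in zip(text, "rwx")):
        raise ValueError(f"bad rights: {text!r}")
    return frozenset(c for c in text if c != "-")


@dataclass
class ProtectedFile:
    owner: str
    entries: list = field(default_factory=list)  # ordered (pattern, rights) pairs

    def rights_for(self, sid):
        """First matching entry wins (assumption); no match means no rights."""
        subject = parse_sid(sid)
        for pattern, rights in self.entries:
            if all(p in (WILDCARD, s) for p, s in zip(pattern, subject)):
                return rights
        return frozenset()

    def allowed(self, sid, right):
        """root bypasses the list, following the post's "(and root)"."""
        return parse_sid(sid)[0] == "root" or right in self.rights_for(sid)

    def set_acl(self, caller_sid, lines):
        """Only the owner or root may replace the list (the post's 'p' right)."""
        if parse_sid(caller_sid)[0] not in (self.owner, "root"):
            raise PermissionError(f"{caller_sid} may not change the acl")
        self.entries = [(parse_sid(s), parse_rights(r))
                        for s, r in (line.split() for line in lines)]


# Constructed from the acl listing in the post; subject SIDs are made up.
POST_ACL = ["haha.%.%.% rw-", "bar.%.%.% rw-", "fubaz.%.% r--", "%.%.%.% ---"]
foo = ProtectedFile(owner="haha")
foo.set_acl("haha.dev.sp.node1", POST_ACL)
```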