Date: Mon, 29 Apr 1996 14:30:24 -0700 (MST)
From: Terry Lambert <terry@lambert.org>
To: helio@compuland.com.br (Helio Coelho Junior)
Cc: questions@FreeBSD.ORG
Subject: Re: Password in a directory
Message-ID: <199604292130.OAA05136@phaeton.artisoft.com>
In-Reply-To: <199604280016.VAA01732@sv.compuland.com.br> from "Helio Coelho Junior" at Apr 27, 96 09:16:33 pm

> Is it possible to put a password in a directory, so the
> user needs to type to have access granted ?

No. Because:

1) Credentials are associated with processes; they are not
   separate authentication instances (this is an error in the
   design of UNIX).

2) You can't associate another credential to indicate an
   "authenticated user" of a directory. There is one credential
   for a process.

3) You can't associate an authentication instance with a
   presence of a process "in" a hierarchy because of the
   concept of "current directory" (this is another error in
   the design of UNIX).

4) There is no way for the kernel to call back to the user
   to request an authentication at access time.

You *could* set up a kludge based on an error followed by an ioctl()
that would have to be built into a library interface used by all
code. It would be a pain to do, since every application would
require changes.

This is because UNIX does not support a "broadcast port" mechanism.
Supporting such a mechanism would require (1) terminal dependence
of all applications (that's how VMS does it), or an automaton per
terminal type (not practical), or a callback/requester (assumes
credentials are associated with a session manager and the user is
running in a graphical environment (that's how UnixWare handles
NetWare client authorization and why SMBFS is a bad idea on FreeBSD
and Linux)).

If you have a specialized application, you could hack it, on the
assumption that only someone running the application and using it
to authenticate, or root, would ever access the directory.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
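
One concrete consequence of the "current directory" concept raised in point 3, as an added example that is not part of the original message: permission checks happen per path component at lookup time, so a process already inside a directory keeps working after the path leading to it is closed. The directory names, the use of /tmp, and the function name are assumptions made for this demo.

```c
/* Added illustration: all paths and names are constructed for this demo. */
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

struct result { int by_path_errno; int via_cwd_ok; };

/* Close the path leading to a directory after the process is already "in" it. */
struct result cwd_outlives_gate(void)
{
    struct result r = { 0, 0 };
    char gate[] = "/tmp/gateXXXXXX";     /* assumption: /tmp is writable */
    char vault[PATH_MAX], file[PATH_MAX + 16];
    int fd, home = open(".", O_RDONLY);  /* so we can step back out later */
    if (home < 0 || !mkdtemp(gate)) { if (home >= 0) close(home); return r; }
    snprintf(vault, sizeof vault, "%s/vault", gate);
    snprintf(file, sizeof file, "%s/secret.txt", vault);
    if (mkdir(vault, 0700) == 0 && (fd = open(file, O_CREAT | O_WRONLY, 0600)) >= 0) {
        close(fd);
        /* Enter the hierarchy, then remove search permission on the parent. */
        if (chdir(vault) == 0 && chmod(gate, 0000) == 0) {
            /* A fresh lookup by full path must pass the gate (root bypasses it). */
            if ((fd = open(file, O_RDONLY)) < 0) r.by_path_errno = errno;
            else close(fd);
            /* A lookup relative to the current directory never walks through it. */
            if ((fd = open("secret.txt", O_RDONLY)) >= 0) { r.via_cwd_ok = 1; close(fd); }
        }
    }
    /* Clean up: reopen the gate, step out, remove the constructed files. */
    if (chmod(gate, 0700) != 0 || fchdir(home) != 0) perror("cleanup");
    close(home);
    unlink(file); rmdir(vault); rmdir(gate);
    return r;
}

int main(void)
{
    struct result r = cwd_outlives_gate();
    printf("by full path: %s\n", r.by_path_errno ? strerror(r.by_path_errno) : "ok");
    printf("via cwd:      %s\n", r.via_cwd_ok ? "ok" : "failed");
    return !r.via_cwd_ok;
}
```

Run as an unprivileged user, the full-path open fails with "Permission denied" while the open relative to the current directory succeeds; as root both succeed because root bypasses the mode bits.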