From owner-freebsd-security Sat Jan 6 8:41:45 2001 From owner-freebsd-security@FreeBSD.ORG Sat Jan 6 08:41:43 2001 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 07FE437B400 for ; Sat, 6 Jan 2001 08:41:43 -0800 (PST) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.1/8.11.1) with SMTP id f06Gfe717140; Sat, 6 Jan 2001 11:41:40 -0500 (EST) (envelope-from robert@fledge.watson.org) Date: Sat, 6 Jan 2001 11:41:40 -0500 (EST) From: Robert Watson X-Sender: robert@fledge.watson.org To: Wintermute Cc: freebsd-security@freebsd.org Subject: Re: Access Control In-Reply-To: <4.3.1.2.20001231051923.00aa2d90@mail.c2032.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: robert@fledge.watson.org Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sun, 31 Dec 2000, Wintermute wrote: > I was wondering if anyone here has had any experience with implementing > access control system(s) in FreeBSD. If anyone has any information > regarding their experience with ACLs, etc. under FreeBSD (i.e. TrustedBSD), > sharing that info would be very much appreciated! :) Most of the TrustedBSD work is still experimental -- that said, experimentation is welcome :-). The TrustedBSD patches require recent -CURRENT systems, as they rely on extended attributes, only available in -CURRENT. As such they're not ready for production use, although I've been using most of the features on my workstation and a server or two for the past few months, including ACLs and Capabilities. The ACL support currently lacks a POSIX.2c-compliant ACL setting tool, although it does include tools for settings ACLs in a non-compliant manner. If you're interested in contributing in that area, that would also be welcome. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message