Date: Sun, 19 Aug 2001 19:53:01 -0400 From: "Ken Cross" <kcross@ntown.com> To: <freebsd-security@freebsd.org> Subject: DENY ACL's Message-ID: <017001c1290a$14962300$0200a8c0@kjc2.com>
next in thread | raw e-mail | index | archive | help
Hi: The current Posix.1e ACL implementation in -current works great as far as it goes. I'm sure this has been kicked around before (although I couldn't find anything in the archives), but it seems like adding "deny" ACL's would be a useful and fairly straightforward extension. For those not familiar with it, deny ACL's are ACL's that explicitly deny access, e.g., group Accountants are allowed access, but user George is denied access even though he is a member of Accountants. They are used extensively in the Windows NT/2K world and I need to support them on a BSD platform. The implementation is pretty straightforward -- always check deny ACL's first and then access ACL's. They'd just be a new acl_type_t value (ACL_TYPE_DENY?). I'd be happy to help with the implementation (especially since I'll be doing it regardless). Any interest or things I should know about? Ken To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?017001c1290a$14962300$0200a8c0>