Date:      Thu, 24 Oct 1996 17:10:35 -0600 (MDT)
From:      Softweyr LLC <softweyr@xmission.com>
To:        wollman@lcs.mit.edu (Garrett Wollman)
Cc:        security@freebsd.org, softweyr@xmission.xmission.com (Softweyr LLC)
Subject:   Re: Any FreeBSD security topics of interest?
Message-ID:  <199610242310.RAA01706@xmission.xmission.com>
In-Reply-To: <9610221416.AA23679@halloran-eldar.lcs.mit.edu> from "Garrett Wollman" at Oct 22, 96 10:16:11 am

> I have to say that I have always preferred AFS's per-directory ACL
> semantics to the more commonly implemented per-file ACLs.  AFS does
> not use the group and other permission bits at all, but applies the
> user bits as a mask against certain rights given by the ACL.  The
> permission bits in AFS ACLs are `rwidlka', for `read', `write',
> `insert', `delete', `lookup', `lock', and `administer' (i.e., change
> the ACL).  This enables certain nice features such as authenticated
> local mail delivery (make a directory with permissions `System:AnyUser
> lik' and they can create new mail files in that directory but cannot
> read, write, or delete existing ones; the owner of the file is the
> authenticated sender).

I had the opposite reaction the first time I read about them: why did
they do this?  The AFS ACL system does not, for instance, allow you to
make a setuid-root executable that can be run by wes, sam, and DJ,
but nobody else, unless you create a group that holds only those people
and make it group executable.  This leads to a lot of small special-
purpose groups that have to be maintained.

The per-file ACLs do demand more administration, but also allow more
power and flexibility.

The AFS model does show that we can implement more semantics than just
read, write, and execute, however.  The overlaid semantics of rwx and
sticky on directories could be eliminated by adding a 'delete' privilege
to the file ACL, like VMS has.

Lotsa design work to be done on this project, eh?  ;^)


-- 
          "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                       Softweyr LLC
http://www.xmission.com/~softweyr                       softweyr@xmission.com
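
The per-directory semantics described in the quoted paragraph, as an added example in Python (not code from AFS, FreeBSD or either poster): a simplified model of the mail-drop directory where `System:AnyUser` holds `lik`. The `Directory` class, the operation names, and the choice that the owner mode bits mask only read and write are assumptions of this sketch.

```python
# Simplified model of AFS-style per-directory ACLs (illustration only).
RIGHTS = set("rwidlka")  # read, write, insert, delete, lookup, lock, administer

# Right required on the containing directory's ACL for each operation.
NEEDS = {"read_file": "r", "write_file": "w", "create_file": "i",
         "delete_file": "d", "list_dir": "l", "lock_file": "k", "set_acl": "a"}

# Assumption: the file's owner ("user") mode bits mask only the data rights.
MODE_MASK = {"read_file": 0o400, "write_file": 0o200}


class Directory:
    def __init__(self, acl):
        for who, rights in acl.items():
            if not set(rights) <= RIGHTS:
                raise ValueError(f"unknown right in ACL entry for {who}")
        self.acl = {who: set(rights) for who, rights in acl.items()}
        self.files = {}  # file name -> (owner, mode)

    def rights_for(self, user, groups=()):
        """Union of the rights of every ACL entry that matches the user."""
        names = {user, "System:AnyUser", *groups}
        return set().union(*(self.acl.get(n, set()) for n in names))

    def allowed(self, user, op, name=None, groups=()):
        if NEEDS[op] not in self.rights_for(user, groups):
            return False
        mask = MODE_MASK.get(op)
        if mask and name in self.files:
            # The ACL grants the right; the owner mode bits can still mask it.
            return bool(self.files[name][1] & mask)
        return True

    def deliver(self, sender, name):
        """Create a mail file; its owner is the authenticated sender."""
        if not self.allowed(sender, "create_file"):
            raise PermissionError(f"{sender} lacks insert on this directory")
        self.files[name] = (sender, 0o600)


def mail_drop_demo():
    # Constructed sample: wes owns the spool, everyone else gets `lik`.
    spool = Directory({"wes": "rwidlka", "System:AnyUser": "lik"})
    spool.deliver("sam", "msg.1")
    ops = ("create_file", "list_dir", "read_file", "write_file", "delete_file")
    return {who: [op for op in ops if spool.allowed(who, op, "msg.1")]
            for who in ("sam", "wes")}
```

Note that in this model the sender cannot read back or delete the message it just delivered: access follows the directory's ACL, not ownership of the file.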


