Date: Tue, 22 Oct 1996 10:16:11 -0400 From: Garrett Wollman <wollman@lcs.mit.edu> To: cschuber@uumail.gov.bc.ca Cc: security@FreeBSD.ORG Subject: Re: Any FreeBSD security topics of interest? Message-ID: <9610221416.AA23679@halloran-eldar.lcs.mit.edu> In-Reply-To: <199610220144.SAA00894@cwsys.cwent.com> References: <199610201716.LAA04095@obie.softweyr.com> <199610220144.SAA00894@cwsys.cwent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 21 Oct 1996 18:44:16 -0700, Cy Schubert <cy@cwsys.cwent.com> said: > Solaris uses two comma > nds to manage ACL's, setfacl and getfacl. The > ls -l listing has also changed to add a + to the permissions to > indicate that ACL's are in use, e.g., > -rw-r--r--+ 1 root other 137 Oct 11 11:18 foo I have to say that I have always preferred AFS's per-directory ACL semantics to the more commonly implemented per-file ACLs. AFS does not use the group and other permission bits at all, but applies the user bits as a mask against certain rights given by the ACL. The permission bits in AFS ACLs are `rwidlka', for `read', `write', `insert', `delete', `lookup', `lock', and `administer' (i.e., change the ACL). This enables certain nice features such as authenticated local mail delivery (make a directory with permissions `System:AnyUser lik' and they can create new mail files in that directory but cannot read, write, or delete existing ones; the owner of the file is the authenticated sender). -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9610221416.AA23679>