Date:      Sat, 13 Mar 1999 20:20:03 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Alan Weber <aaweber@austin.rr.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: disapointing security architecture
Message-ID:  <Pine.BSF.3.96.990313201103.2563G-100000@fledge.watson.org>
In-Reply-To: <19990313190305.A1423@austin.rr.com>

On Sat, 13 Mar 1999, Alan Weber wrote:

> On Fri, Mar 12, 1999 at 10:34:46PM -0600, David Scheidt wrote:
> --> On Fri, 12 Mar 1999, Matthew Dillon wrote:
> 
> --> :    You know, it wouldn't cost too much to implement ACLs with an extra
> --> :    inode if we implemented an ACL cache, allowing multiple references to
> --> :    the same ACL inode.  When someone changes the ACL associated with a file,
> --> :    it would hop to a different ACL inode.  There'd have to be a mechanism
> --> :    to prevent excessive fragmentation but I think it would work in general
> --> :    terms and not even eat that many inodes.
>  
> --> Something like this certainly makes sense.  You need to keep track of how 
> --> many files are using that ACL inode, but that is much the same problem as 
> --> hard links.  What I wonder about is what the hit rate is going to be?  I am
> --> fairly sure that most of my ACLs will be identical, so I suppose the odds of
> --> having one in core is pretty high.  You would also win on whatever the ACL
> --> equivalent of chmod * is.
>  
> I would suggest that each directory have an ACL inode and that by default each
> file will use the inode of the directory ACL inode. This will cause ACLs to 
> propagate down a directory tree when subdirectories are created. I generally
> administer access rights on a directory basis. I am very used to the NetWare
> trustee scheme and find it very convenient to manage user file permissions
> on a directory basis. Would it be possible to increase the granularity of 
> the permissions with the ACL scheme (delete, create, rename, write, append, 
> read, grant, etc.)? I would be willing to help on implementing ACLs. 

While I recognize the simplicity and usefulness of per-directory ACLs (a
la AFS and Coda), I suspect that ACLs in the style of POSIX.1e will
probably achieve greater portability (Solaris, Linux, etc).  Since
permissions are currently on the granularity of files, the POSIX.1e
mechanism is probably also more consistent with the current permission
model.

  Robert N Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: 03 01 DD 8E 15 67 48 73  25 6D 10 FC EC 68 C1 1C

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
Safeport Network Services             http://www.safeport.com/
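
The shared ACL inode idea from the quoted messages (a reference count kept much like a hard-link count, and a file hopping to a different ACL inode when its ACL changes), modelled in user space as an added example that is not part of the original thread or of FreeBSD. The in-memory table, the ACL text strings and the names `acl_intern`, `file_set_acl` and `acl_refs` are all hypothetical.

```c
#include <string.h>

#define MAX_ACLS 8
#define ACL_TEXT 64

/* One shared "ACL inode": ACL body plus a link count, as with hard links. */
struct acl_node { char text[ACL_TEXT]; int refs; };   /* refs == 0: free slot */
static struct acl_node acl_table[MAX_ACLS];

/* Take a reference on the node holding `text`, creating it if needed. */
static int acl_intern(const char *text)
{
    int free_slot = -1;
    if (strlen(text) >= ACL_TEXT)
        return -1;
    for (int i = 0; i < MAX_ACLS; i++) {
        if (acl_table[i].refs > 0 && strcmp(acl_table[i].text, text) == 0) {
            acl_table[i].refs++;        /* identical ACL: share the node */
            return i;
        }
        if (acl_table[i].refs == 0 && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return -1;                      /* table full */
    strcpy(acl_table[free_slot].text, text);
    acl_table[free_slot].refs = 1;
    return free_slot;
}

int acl_refs(int idx) { return acl_table[idx].refs; }

/* Changing a file's ACL never edits the shared node in place: the file hops
 * to another node and drops its reference on the old one. *file_acl is the
 * file's node index, or -1 when it has none (constructed convention). */
int file_set_acl(int *file_acl, const char *text)
{
    int new_idx = acl_intern(text);     /* take the new reference first */
    if (new_idx < 0)
        return -1;                      /* old ACL stays in force */
    if (*file_acl >= 0)
        acl_table[*file_acl].refs--;    /* at 0 the slot becomes reusable */
    *file_acl = new_idx;
    return 0;
}
```

Because the shared node is never modified, tightening one file's ACL cannot silently change access to the other files that still reference the old node.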
