Re: ACLs: Merits and Demerits
On Mon, Mar 20, 2000 at 09:03:53PM -0600, Christopher Browne wrote:
> As a Completely Different Thought (which I periodically bring up), it
> might be worth looking back into the past; TOPS-10 had an ACL system
> controlled by a daemon called FILDAE where, rather than sticking the
> ACL data into nodes on the filesystem, it centralized them into a set
> of patterns in a file.
>
> Approach: If accesses fail, due to the "usual" ugo/GECOS fields
> indicating NO access, the kernel would send a message to FILDAE asking
> if the ACLs would permit access based on the rule set. If so, then
> FILDAE would tell the kernel to give access.
>
> This seems to be a rather Hurd-like approach; with Hurd, it is quite
> natural to add a daemon of this sort...
I really like that idea! It could be compared to the sudo solution for
setuid programs: Leave the ugo-permission system as it is with no overhead,
but have the possibility for a extremely flexible, fine-grained system
for those files where you need it. And all we need for it is a hook for a
deamon that is called as soon as the permissions for a file are denied! And
it that hook is called with the UID of the user owning the file, the whole
thing could even be completely in user space! A transparent solution for all
security risks caused by suid files! Very hurd-like...
--
-- ______________________________________________________
-- JESUS CHRIST IS LORD!
-- To Him, even that machine here has to obey...
--
-- _________________________________Norbert "Nobbi" Nemec
-- Hindenburgstr. 44 ... D-91054 Erlangen ... Germany
-- eMail: <nobbi@cheerful.com> Tel: +49-(0)-9131-204180
Reply to: