In a deep and meaningful conversation with a list member whom I work with we were discussing the future of computer operating systems. One of the features that it was decided on would be required to really boost *NIX OSes was one from NT (and Netware) which is file access lists. Does anyone know of a way of implementing per USER based access lists for files on *NIX? i.e.
file foo.bar can be read by fred and alice, bob has write and read access and Eve has no access.
As far as I am aware there is no way of doing this easily.
Thanks
D
===== -------------------- "We all know Linux is great... it does infinite loops in 5 seconds." Linus Torvalds
on Sat, Jul 28, 2001 at 09:56:34AM -0700, David Freeman scribbled:
> In a deep and meaningful conversation with a list member whom I work with we were discussing the future of computer operating systems. One of the features that it was decided on would be required to really boost *NIX OSes was one from NT (and Netware) which is file access lists. Does anyone know of a way of implementing per USER based access lists for files on *NIX? i.e.
Yes, lots of work is being done on this, several methods exist now, and will be far more accessible in 2.6.x
> file foo.bar can be read by fred and alice, bob has write and read access and Eve has no access.
> As far as I am aware there is no way of doing this easily.
It really depends on how you define easily really. Several kernel patches and system reconfigurations exist, and one main one is being worked on for 2.5 and 2.6 to unify the approaches kernel-side.
Working at the moment:
NSA & NAI's SELinux http://www.nsa.gov/selinux/
Linux Intrusion Detection System http://www.lids.org/
and to unify these (hopefully) with projects such as SubDomain (by the people who made StackGuard/FormatGuard):
Linux Security Module http://lsm.immunix.org/ http://lsm.antisoft.com/
The first link is potentially dead since they're relocating the server.
On Sat, 28 Jul 2001, David Freeman wrote:
> As far as I am aware there is no way of doing this easily.
Well, you could run either AIX or HP-UX, which have supported ACLs for ages. I think that SGI's XFS also may support ACLs, and there are some other bolt-on ACL systems for other Unixes, as explained by xsprite!
Now what you really are asking for is a system supported by all vendors which is probably more difficult....
Personally I have a bit of a hate of ACLs as they can be difficult to manage, in the sense that I have never seen a system that makes it very easy to *not* make the mistake of elevating someone's privileges accidentally!
Adam
on Sat, Jul 28, 2001 at 07:39:55PM +0100, Adam Bower scribbled:
> On Sat, 28 Jul 2001, David Freeman wrote:
> > As far as I am aware there is no way of doing this easily.
> Well, you could run either AIX or HP-UX, which have supported ACLs for ages. I think that SGI's XFS also may support ACLs, and there are some other bolt-on ACL systems for other Unixes, as explained by xsprite!
XFS seems to have some ACL support, conforming to POSIX ACLs http://acl.bestbits.at/pre/
> Now what you really are asking for is a system supported by all vendors which is probably more difficult....
Admittedly it might be over the top for single user uses, but what about AFS? http://www.faqs.org/faqs/afs-faq/ There's support for it from hp, next, dec, ibm, sun, sgi, winnt (client only afaik), linux, (net|open|free)bsd..
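
Added example, not part of any post in this thread: a small Python model of the access check used by POSIX ACLs (the model mentioned for XFS above), applied to the foo.bar policy from the original question. The owner "david", the groups "staff" and "users", and the ACL values are constructed for illustration.

```python
# Model of the POSIX.1e draft ACL access check. All names and the ACL
# below are constructed sample data, not taken from a real system.
R, W, X = 4, 2, 1

def check_access(acl, uid, gids, want):
    """Return True if the `want` bits are granted to (uid, gids) by `acl`."""
    mask = acl.get("mask", R | W | X)    # mask caps named users and all groups
    if uid == acl["owner"]:
        perms = acl["user_obj"]          # the owner entry is never masked
    elif uid in acl["users"]:
        perms = acl["users"][uid] & mask # a named user entry beats any group
    else:
        group_perms = [acl["group_obj"]] if acl["owning_group"] in gids else []
        group_perms += [p for g, p in acl["groups"].items() if g in gids]
        if group_perms:
            # Any matching group entry may grant; if none does, deny
            # without falling through to "other".
            return any((p & mask & want) == want for p in group_perms)
        perms = acl["other"]
    return (perms & want) == want

# foo.bar: fred and alice read, bob reads and writes, eve gets nothing.
FOO_BAR = {
    "owner": "david", "user_obj": R | W,
    "users": {"fred": R, "alice": R, "bob": R | W, "eve": 0},
    "owning_group": "staff", "group_obj": R,
    "groups": {},
    "mask": R | W,
    "other": 0,
}

def report(acl):
    """Map each sample user to (can_read, can_write)."""
    people = {"fred": ["staff"], "alice": ["users"],
              "bob": ["users"], "eve": ["staff"]}
    return {u: (check_access(acl, u, g, R), check_access(acl, u, g, W))
            for u, g in people.items()}

if __name__ == "__main__":
    for user, (r, w) in report(FOO_BAR).items():
        print(f"{user}: read={r} write={w}")
    narrowed = dict(FOO_BAR, mask=R)     # same ACL with the mask cut to r--
    print("bob write, mask r--:", check_access(narrowed, "bob", ["users"], W))
```

Eve is a member of "staff", which has read access, yet her empty named entry is evaluated first and denies her. The mask is the single value that caps every named entry at once, so widening it is the place where a grant can become effective without anyone editing the entry itself.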