[cvsnt] Re: chacl problem configuring access to individual files
Oliver Koltermann
okoltermann_deletethis_ at gmx.de
Fri Apr 28 14:30:25 BST 2006
Hello again,
Oliver Koltermann <okoltermann_deletethis_ at gmx.de> writes:
> Gerhard Fiedler <lists at connectionbrazil.com> writes:
>
> > I'd expect a more specific setting to override a more general setting, so
> > giving write access to a specific file should IMO override the missing
> > write access on the directory.
> >
> > What would be the rationale for the write access on the file being
> > overridden by the missing write access on the directory? In that case, what
> > would be the purpose of being able to grant write access to a file?
>
> If I remember correctly, the normal way it is interpreted on *nix is,
> that directory write gives the right to create/modify the directory
> entries, e.g. adding new files. The access of existing files is
> determined by the files permission. There is no specific-to-general
> relation as you assumed.
>
> For example if a user has no directory read access, he is not able to
> list the contents of the directory. But if he knows the name of a file
> in this directory with read access right for him, he can access this
> file. I hope this makes the concept clear.
>
> And I hope I understand it right... ;-)
> Comments appreciated!
after reading the corresponding manual page for CVSNT (shame on me!) I
realized, that my description does not completely fit the CVSNT's ACL
scheme. Different from *nix ACL there is a special create permission
for the directory and the read/write permissions are indeed for the
contained files. The manual states the following:
"For a user to have access to a directory, they must have at least
read access to all the directories above it. If a user has a 'no
access' ACL on a parent directory they cannot be granted access to
directories below it."
I assume the same is true for the write access right.
Best regards,
O. Koltermann
More information about the cvsnt
mailing list