[cvsnt] Re: chacl problem configuring access to individual files
Michael Wojcik
Michael.Wojcik at microfocus.com
Fri Apr 28 17:58:36 BST 2006
> From: cvsnt-bounces at cvsnt.org
> [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of Gerhard Fiedler
> Sent: Friday, 28 April, 2006 11:01
>
> Oliver Koltermann wrote:
>
> > If I remember correctly, the normal way it is interpreted on *nix is,
> > that directory write gives the right to create/modify the directory
> > entries, e.g. adding new files. The access of existing files is
> > determined by the files permission. There is no specific-to-general
> > relation as you assumed.
>
> I kind of disagree with the last sentence. If you have the right to create
> new files in a directory (that is, write permission for the directory), you
> by inheritance have the right to write to the files in that directory --
> unless there is a more specific permission set on a file that prohibits you
> from writing (or vice versa). I think that's the same on *ix and WinNT type
> systems. That's the specific-to-general rule I was talking about.

Not for traditional Unix filesystem permissions. Those have no
inheritance mechanism at all (except for the very limited "sticky bit"
special case for directories). Traditional Unix filesystem permissions
cannot be omitted; a given user does or does not have a permission to
perform a given action.

For any given user and any given filesystem object in a traditional Unix
permissions model, exactly one of the {owner, group, other} mode bit
vectors will apply. That vector then determines which types of access
are allowed. Each type of access (write, read, and execute/traverse) is
a bit, so the only options are "granted" or "denied".
--
Michael Wojcik
Principal Software Systems Developer, Micro Focus
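
The selection rule described in the message above, as an added example that is not part of the original post: a small Python model of traditional mode-bit checks. The users, objects and function names are constructed for illustration, and the model ignores the superuser and any ACL extensions.

```python
import stat
from collections import namedtuple

# Constructed model types: only owner uid, group gid and mode bits matter here.
Obj = namedtuple("Obj", "uid gid mode")
User = namedtuple("User", "uid gids")

R, W, X = 4, 2, 1


def applicable_bits(user, obj):
    """Return the single rwx triplet that applies: owner, else group, else other."""
    if user.uid == obj.uid:
        return (obj.mode >> 6) & 7
    if obj.gid in user.gids:
        return (obj.mode >> 3) & 7
    return obj.mode & 7


def allowed(user, obj, want):
    """True if every requested bit is set in the one applicable triplet."""
    return (applicable_bits(user, obj) & want) == want


def can_create_in(user, directory):
    """Adding a directory entry needs write and traverse on the directory."""
    return allowed(user, directory, W | X)


def can_modify(user, directory, file):
    """Writing an existing file: traverse the directory, write bit on the file itself."""
    return allowed(user, directory, X) and allowed(user, file, W)


def can_unlink(user, directory, file):
    """Removing an entry is a directory write; the sticky bit limits it to owners."""
    if not allowed(user, directory, W | X):
        return False
    if directory.mode & stat.S_ISVTX:
        return user.uid in (file.uid, directory.uid)
    return True


# Constructed sample data.
alice = User(1000, {1000, 50})
bob = User(1001, {1001, 50})
shared = Obj(uid=0, gid=50, mode=0o1775)  # sticky, group-writable directory
plain = Obj(uid=0, gid=50, mode=0o775)    # same directory without the sticky bit
notes = Obj(uid=1000, gid=50, mode=0o644) # alice's file, group read-only
odd = Obj(uid=1000, gid=50, mode=0o077)   # owner triplet empty, group/other full
```

Directory write lets bob create entries in `shared` but gives him no write access to `notes`, and alice is denied on `odd` because only her owner triplet is consulted.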