Hi Alon,

> Message of 08/12/07 14:27
> From: "Alon Bar-Lev" <[EMAIL PROTECTED]>
> To: [email protected]
> Cc:
> Subject: [ntfs-3g-devel] ACL support
>
> Hello,
>
> I've read the ACL support for ntfs-3g:
> http://pagesperso-orange.fr/b.andre/security.html
>
> This is great that this will be provided.

Thanks

>
> I am curious why the mapping is not done using POSIX ACLs, so that
> getfacl and setfacl will be enabled to manage the ntfs ACLs.

Well, the objective was to provide the "rwx" functionality, using the NTFS ACLs. This is difficult because the underlying concepts are not the same. Trying to use an inner layer relying on another set of concepts would add up to the complexity.

Just for an example. You want to provide protection modes such as 0422 (or "r---w--w-"), typically for a user to collect some logs he/she wants to be sure not to spoil. To do that you have to grant a write ACE to world, which would enable the user to write to the file, so you have to put another ACE to deny writing to the owner. The problem is (as far as I know) there is no "deny ACE" in Posix...

>
> Also, I think an option should be given so that the UserMapping file
> may be specified at mount time. something like mount -t ntfs-3g -o
> usermapping=<file> ...

This is simple... and complicated. Your file might not reside on the same device, and you end up having to schedule the mounting sequence.

Above all, there is a security concern if access to UserMapping is less secure than any data on the device. Any user could build an adequate UserMapping to read or destroy anything on the device... (Using plain ntfs-3g would be even easier, but that is another point).

>
> Finally I want to ask regarding the mandatory label of vista, will it
> be supported?
> http://msdn2.microsoft.com/en-us/library/aa965848.aspx
> I guess a special utility should be written for this, as far as I
> know, POSIX ACL does not support extensions (named attributes).

I have not investigated much about requirements related to Vista, and I have no access to Vista myself. In what situations should this be needed?

>
> Best Regards,
> Alon Bar-Lev.
>

Regards

Jean-Pierre
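The 0422 case from the reply above, worked through as an added example; it is not part of the original message and not ntfs-3g's own code. It assumes a simplified model: only the three rwx rights, owner/group/world trustees, and an NT-style in-order ACE walk; all names are hypothetical.

```c
#include <stdio.h>

/* Simplified model (assumption of this example): rights are the POSIX rwx bits. */
enum { R = 4, W = 2, X = 1 };
enum who { OWNER, GROUP, WORLD };            /* trustee an ACE names */
struct ace { int deny; enum who who; int mask; };
struct subject { int is_owner; int in_group; };

/* Build an ordered ACE list for a 9-bit mode; returns the ACE count (max 5). */
int mode_to_acl(int mode, struct ace *acl)
{
    int u = (mode >> 6) & 7, g = (mode >> 3) & 7, o = mode & 7, n = 0;
    int deny_u = (g | o) & ~u;   /* rights later ACEs would leak to the owner */
    int deny_g = o & ~g;         /* rights the world ACE would leak to the group */
    if (deny_u) acl[n++] = (struct ace){ 1, OWNER, deny_u };
    if (u)      acl[n++] = (struct ace){ 0, OWNER, u };
    if (deny_g) acl[n++] = (struct ace){ 1, GROUP, deny_g };
    if (g)      acl[n++] = (struct ace){ 0, GROUP, g };
    if (o)      acl[n++] = (struct ace){ 0, WORLD, o };
    return n;
}

static int matches(const struct ace *a, struct subject s)
{
    return a->who == WORLD || (a->who == OWNER && s.is_owner)
        || (a->who == GROUP && s.in_group);
}

/* Walk ACEs in order: a deny on a still-missing right fails the request;
 * the request succeeds once every wanted right has been allowed. */
int access_ok(const struct ace *acl, int n, struct subject s, int want)
{
    int left = want;
    for (int i = 0; i < n && left; i++) {
        if (!matches(&acl[i], s)) continue;
        if (acl[i].deny) { if (acl[i].mask & left) return 0; }
        else left &= ~acl[i].mask;
    }
    return left == 0;
}

int main(void)
{
    struct ace acl[5];
    int n = mode_to_acl(0422, acl);
    struct subject owner = { 1, 1 }, other = { 0, 0 };
    printf("%d ACEs, owner write=%d, other write=%d\n", n,
           access_ok(acl, n, owner, W), access_ok(acl, n, other, W));
    return 0;
}
```

Without the leading deny ACE, the owner of a 0422 file would pick up write access through the world ACE, which is exactly the leak the reply describes.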
