On Thu, Jun 26, 2003 at 03:29:04AM -0400, Carson Gaspar wrote:
> --On Wednesday, June 25, 2003 10:01 PM -0700 jw schultz <[EMAIL PROTECTED]>
> wrote:
>
> >I'd say that a security regimen that requires xattrs to
> >tighten security is misguided.
>
> And you'd be wrong. Simple user/group security is not _nearly_ enough for
> all sorts of use cases. Simple use case:
>
> - Alice and Bob need to read the file
> - Charlie and David need read/write access
> - Nobody else should have any access
>
> Impossible with simple user/group permissions.

Not impossible. I've done that sort of thing many times.

-rwxr-x--- 1 charlie cdab 3658 Jan 20 17:35 .
-rw-rw-r-- 1 charlie david 3658 Jan 20 17:35 the_file

Or so you don't need root to "chgrp david the_file"

-rw-rw-r-- 1 charlie charliedave 3658 Jan 20 17:35 the_file

Be very careful stating that something is impossible. Just
because you haven't imagined how doesn't mean that there
isn't a way. For that matter, what often seems impossible is
in reality trivial when looked at from another perspective.

There are more complex scenarios I can imagine for which
acceptable solutions without ACLs are not available. But
that is beside the point.

I'm still right. You have misunderstood. I did not say
that simple user/group permissions were sufficient for all
problems. Nor did I impugn the use of xattrs to loosen
security.

You will find that most definitions of ACLs--including
POSIX--only allow you to grant access, not revoke it. In
the case of your example you would not give the file 666
permissions and then tighten it down with ACLs. You would
give the file 600 perms and then use ACLs to grant
permissions to non-owners.

You also removed the context of my statement, which was
Martin's comment:

| In cases where xattrs are used for security information, it
| might not be sufficient to apply them just at the end of the
| transfer. That might make the permissions on the temporary
| file too weak. Or perhaps not -- I just didn't want to
| think about it. :-)

My point is that I'm not going to anguish over broken
regimens that use xattrs to tighten the security. ACLs and
capabilities should be used to grant, not revoke. That way,
if something happens that loses or disables xattrs, your
system is not compromised. Further, by applying the xattrs
last you ensure that the file is intact with correct
ownership before enabling anything.

--
________________________________________________________________
J.W. Schultz            Pegasystems Technologies
email address:          [EMAIL PROTECTED]

Remember Cernan and Schmitt
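
Added example, not part of the original message: a small model of the classic Unix mode-bit check (owner class, else group class, else other class) applied to the directory and file from the listing above. The group memberships and the user "eve" are assumptions, since the mail names the groups but not their members, and root is ignored.

```python
# Added illustration: evaluates plain user/group/other mode bits for the
# directory-gated layout in the listing. Not code from the mailing-list post.
from dataclasses import dataclass

R, W, X = 4, 2, 1

@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int  # permission bits, e.g. 0o750

# Assumed memberships (constructed for this example).
GROUPS = {
    "cdab": {"charlie", "david", "alice", "bob"},
    "charliedave": {"charlie", "david"},
}

def allowed(user: str, node: Node, want: int) -> bool:
    """True if `user` holds every bit in `want`; the first matching class decides."""
    if user == node.owner:
        bits = (node.mode >> 6) & 7
    elif user in GROUPS.get(node.group, set()):
        bits = (node.mode >> 3) & 7
    else:
        bits = node.mode & 7
    return bits & want == want

DIRECTORY = Node("charlie", "cdab", 0o750)        # "." in the listing
THE_FILE = Node("charlie", "charliedave", 0o664)  # the_file

def access(user: str) -> str:
    """Effective access to the_file when it is reached through the directory."""
    if not allowed(user, DIRECTORY, X):  # no search bit: path lookup fails
        return "none"
    can_read = allowed(user, THE_FILE, R)
    can_write = allowed(user, THE_FILE, W)
    return {(True, True): "read/write", (True, False): "read",
            (False, True): "write"}.get((can_read, can_write), "none")

def access_table(users):
    """Map each user to the access the mode bits give them."""
    return {u: access(u) for u in users}

if __name__ == "__main__":
    for user, result in access_table(
            ["alice", "bob", "charlie", "david", "eve"]).items():
        print(f"{user:8s} {result}")
```

The file's own "other" read bit would admit eve; only the directory's mode keeps her out, so the layout holds only while every path to the file goes through that directory.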