Hello Thomas, You probably already understood how this things work from Delbecq explanations, but since I explained myself poorly, I'll just clarify my poor english. See below.
Best regards, Miguel -----Original Message----- From: Thomas Bellembois [mailto:[EMAIL PROTECTED] Sent: segunda-feira, 27 de Junho de 2005 17:18 To: Slide Developers Mailing List Subject: Re: ACL evaluation Hello Miguel, I don't understand two thinks : 1. When you say that "the first inherited is always the last processed", do you mean that Slide processes inheritable ACE on /b, then inheritable ACE on /a ... ? Miguel> first inherited here would be /files on the /slide/file/a/b/c.txt path. 2. Why ACEs on a resource are not enougth to grant or deny a permission (cf. my problem on /files/partage/demoEsup) ? Miguel> ACEs on a resource should be enough to grant or deny a permission. They have the 'heavier weight' on deciding it. If that doesn't work something must be wrong. bonus. :-) How can we know exactly what ACEs to put to grant or deny a permission (how Slide processes permissions exactly ?) Miguel> I make Delbecq words mine :) Thank you. Thomas Miguel Figueiredo wrote: >Hello Thomas, > > Inherited ACEs are always resolved last. For example, take the following >path: > >/slide/file/a/b/c.txt > >Slide first checks for c.txt ACEs, then b/ ACEs, then a/ until slide/ >collection's ACEs. Means that inherited ACEs are always processed last, and >the first inherited is always the last processed. > >Hope this helps, >Miguel Figueiredo > >-----Original Message----- >From: Thomas Bellembois [mailto:[EMAIL PROTECTED] >Sent: segunda-feira, 27 de Junho de 2005 15:35 >To: Slide Developers Mailing List >Subject: ACL evaluation > >Hello, > >I have a problem trying to put permission on one resource. >I have understood that ACL's are evaluated from the top to the bottom. >But what about inherited ACL's ? Are they evaluated first ? >I could not find this information neither in the RFC or in the mailing >list. :-( > >My problem is that I have the following permissions : >/files/partage : deny all all inheritable >/files/partage/demoEsup : grant read /users/demoEsup inheritable, grant >write /users/demoEsup inheritable > >And the user demoEsup can not read or write in the folder >/files/partage/demoEsup. >But if I change the permission on /files/partage into : >/files/partage : deny write all inheritable >it works... > >Any idea ? > >Thank you very much > >Thomas > > > -- +---=( Thomas Bellembois )=---+ | CRI - University of Rennes 1 - FR | | [EMAIL PROTECTED] | | +33 2 23 23 69 60 | +-----------------------------------+ --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
