[cap-talk] More Heresey: ACLs not inherently bad

Rob Meijer capibara at xs4all.nl
Sun Aug 31 15:56:54 CDT 2008


On Sun, August 31, 2008 03:59, Jonathan S. Shapiro wrote:
> On Sat, 2008-08-30 at 22:53 +0000, Baldur Johannsson wrote:
>
>> >  3.  ACLs are not readily subdivisible. That is: it is very difficult
>> >      to transfer a subset of the authority represented by a Principal.
>> >      But I claim that this is also true of capability systems.
>> >
>> Can you please show me how I can wrap an access/authority into a
>> revocable and filtering forwarder?
>> And do so transparently to the access/authority receiving party?
>
> Look at the 9p or 9p2000 protocol. Think "user level proxy FS".
>

I am currently working on a third user level FS for MinorFs to
address exactly this.

MinorCtkrFs will allow creating caretaker nodes for each unattenuated
directory subtree sparse cap. The caretaker node has 3 sets of revokable
r/w bits that can be cleared using the chmod command.
The first set defines access to the designated node. The second set for
directories defines access rights for descendant directory nodes.
The third set for directories defines rights for descendant file nodes.
I'm currently still struggling a bit with how to handle symbolic links.
Any pointers with respect to symlinks would be very much welcome.

Rob
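
The caretaker node described in the message above, sketched as an added example that is not part of the original message and is not MinorFs code. It assumes an in-memory tree in place of a real file system, the hypothetical names `Caretaker`, `Denied`, `node`, `subdirs` and `files`, and it does not model symbolic links.

```python
class Denied(PermissionError):
    pass

class Caretaker:
    """Revocable, attenuating forwarder in front of one directory subtree."""

    def __init__(self, tree):
        self._tree = tree  # nested dicts are directories, str values are file contents
        # Three independent r/w sets, as in the message above (names are assumed).
        self._bits = {s: {"r", "w"} for s in ("node", "subdirs", "files")}

    def revoke(self, which, bits):
        """Clear bits in one set; there is deliberately no call to set them again."""
        self._bits[which] -= set(bits)

    @staticmethod
    def _split(path):
        parts = [p for p in path.split("/") if p]
        if any(p in (".", "..") for p in parts):
            raise Denied("path leaves the designated subtree")
        return parts

    def _walk(self, parts):
        node = self._tree
        for p in parts:
            if not isinstance(node, dict):
                raise NotADirectoryError(p)
            node = node[p]
        return node

    def _check(self, parts, node, bit):
        # Pick the set by what the target is: the designated node itself,
        # a descendant directory, or a descendant file.
        which = "node" if not parts else "subdirs" if isinstance(node, dict) else "files"
        if bit not in self._bits[which]:
            raise Denied(f"{bit} revoked for {which}")

    def read(self, path=""):
        parts = self._split(path)
        node = self._walk(parts)
        self._check(parts, node, "r")
        return sorted(node) if isinstance(node, dict) else node

    def write(self, path, data):
        parts = self._split(path)
        parent = self._walk(parts[:-1])
        if not parts or not isinstance(parent, dict) or isinstance(parent.get(parts[-1]), dict):
            raise IsADirectoryError(path)
        self._check(parts, data, "w")  # data is a str, so the "files" set applies
        parent[parts[-1]] = data
```

The holder of the `Caretaker` object only ever sees `read` and `write`; whoever keeps the reference used for `revoke` can narrow each of the three sets independently, and a cleared bit stays cleared.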


