[cap-talk] More Heresey: ACLs not inherently bad
John Carlson
john.carlson3 at sbcglobal.net
Wed Sep 10 10:13:45 CDT 2008
On Sep 10, 2008, at 8:09 AM, John Carlson wrote:
>
> On Sep 10, 2008, at 7:56 AM, John Carlson wrote:
>
>>
>> On Sep 10, 2008, at 3:30 AM, Jonathan S. Shapiro wrote:
>>
>>> On Tue, 2008-09-09 at 20:30 -0700, Charles Landau wrote:
>>>> Jed Donnelley wrote:
>>>>> Sorry - I was clear on that. I shouldn't have included the leaf
>>>>> object in the above <> (see below as to what I was thinking). What
>>>>> I don't understand is how such a directory-like object distinguishes
>>>>> between a fetch by the "new process" from a fetch by some other
>>>>> process (old process). Are you imagining some Horton-like mechanism
>>>>> where the relevant processes get different capabilities to the
>>>>> directory-like object so that the directory-like object can
>>>>> distinguish the fetches?
>>>>
>>>> Each time you pass a different set of capabilities to a process, you
>>>> construct a new directory-like object that will give access to that set.
>>>> So in general, different processes will receive capabilities to
>>>> different directory-like objects. It needn't use Horton.
>>>
>>> This is precisely the operation that is both performance prohibitive and
>>> (human) complexity prohibitive. It will turn out that humans can't make
>>> the necessary decisions to decide what goes in to those directories.
>>
>> Perhaps the directory could be created based on searches? What
>> determines what can be searched, and does searching require ambient
>> authority?
>
> $ find ~carlson | sed 's/ /\\ /g'|xargs grep -l Carlson
Obviously this is too complex for the ordinary user. Spotlight or
Explorer could provide results from searches that the user could
further filter.
John
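
An added example, not part of the original thread: a sketch of a directory-like object built from a search, where the searcher runs with the user's authority and the receiving code is handed only handles to the matches. The names `CapDirectory`, `search_to_directory` and `new_process` are hypothetical, the sample files are constructed, and Python does not enforce confinement, so `new_process` only stands in for a process that holds nothing but the directory.

```python
import os
import tempfile

class CapDirectory:
    """Directory-like object that grants access only to the handles put in it."""
    def __init__(self, entries):
        self._entries = dict(entries)  # name -> open read-only file handle
    def names(self):
        return sorted(self._entries)
    def fetch(self, name):
        return self._entries[name]  # KeyError for anything not granted; no path lookup
    def close(self):
        for handle in self._entries.values():
            handle.close()

def search_to_directory(root, needle):
    """Runs with the user's authority over root; returns a directory of matches only."""
    entries = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            handle = open(path, "rb")
            if needle in handle.read():
                handle.seek(0)  # rewind so the recipient reads from the start
                entries[os.path.relpath(path, root)] = handle
            else:
                handle.close()
    return CapDirectory(entries)

def new_process(directory):
    """Stand-in for the receiving process: it is given the directory and nothing else."""
    return {name: directory.fetch(name).read() for name in directory.names()}

def demo():
    # Constructed sample tree; one name contains a space, the case the sed step handles.
    samples = {"notes/my file.txt": b"from Carlson\n",
               "notes/other.txt": b"unrelated\n",
               "cv.txt": b"J. Carlson\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        directory = search_to_directory(root, b"Carlson")
        try:
            return new_process(directory)
        finally:
            directory.close()

if __name__ == "__main__":
    print(demo())
```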