[cap-talk] The ACL model is incomplete
Bill Frantz
frantz at pwpconsult.com
Thu Apr 8 11:59:57 PDT 2010
On 4/7/10 at 10:33 AM, alan.karp at hp.com (Karp, Alan H) wrote:
>Perfect. On the third page (page 463) they introduce the "own"
>permission for a file. This permission is outside the ACL
>model because it is part of the ACL entry for the file, but it
>is a permission on the ACL entry itself, not the file.
>Interestingly, "own" cannot be granted to any other user.
[Catching up after a 3 day DSL outage.]
This concept is perhaps the key to why Unix/Mac can't implement the
Periwinkle security policy, which is:
    Every file created by either Bill or Peri, either locally or on a
    server, should be owned by both of them and permissions should be
    changeable by both of them.
[We consider this policy reasonable for a couple that has been together
for 40 years. :-)]
We currently implement this policy by sharing a single user ID, but that
prevents us from having separate profiles (e.g. Programs accessible from
the dock.)
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz        | Snow shuts down federal      | Periwinkle
(408)356-8506      | government, life goes on.    | 16345 Englewood Ave
www.pwpconsult.com | - Associated press 2/9/2010  | Los Gatos, CA 95032
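The point in the message above is that POSIX keeps exactly one owner per file (the st_uid field) and makes the right to change permissions follow that single owner, whereas in an ACL with an explicit "own" right nothing stops two principals from both holding it. The toy model below, added here as an illustration and not part of Bill's post or of any real kernel, encodes the POSIX chmod/chown rules, an ACL-style file where "own" is an ordinary grantable right, and the shared-uid workaround mentioned in the message, then checks each against the Periwinkle policy. The uids (1001, 1002, 5000), the "guest" principal and the function names are all constructed for the example.

```python
"""Toy model: POSIX single-owner files versus an ACL with a shareable 'own' right.

Constructed illustration only; the rules are simplified from POSIX/Linux
behaviour (chmod needs euid == owner or root; chown needs root).
"""
from dataclasses import dataclass

ROOT = 0
UIDS = {"bill": 1001, "peri": 1002}  # constructed uids for the two partners


@dataclass
class PosixFile:
    st_uid: int            # exactly one owner, as in struct stat
    st_gid: int
    st_mode: int = 0o644


def posix_chmod(f, euid, mode):
    """POSIX: only the file owner or a privileged process may change the mode."""
    if euid != ROOT and euid != f.st_uid:
        raise PermissionError("EPERM: caller is not the owner")
    f.st_mode = mode


def posix_chown(f, euid, new_uid):
    """Linux: only a privileged process may change the owner; the owner
    cannot hand 'own' to anyone else, matching the observation in the mail."""
    if euid != ROOT:
        raise PermissionError("EPERM: only root may chown")
    f.st_uid = new_uid


def can_give_away(f, euid, new_uid):
    """True if the caller may transfer ownership of f to new_uid."""
    try:
        posix_chown(f, euid, new_uid)
    except PermissionError:
        return False
    return True


@dataclass
class AclFile:
    acl: dict  # principal -> set of rights, e.g. {"read", "write", "own"}


def acl_set(f, principal, target, rights):
    """Any holder of 'own' may edit the ACL; 'own' itself is just another right."""
    if "own" not in f.acl.get(principal, set()):
        raise PermissionError("principal lacks 'own' on this file")
    f.acl[target] = set(rights)


def periwinkle_holds(create, change_perms, users=("bill", "peri")):
    """Policy check: every user can change permissions on every file that
    either user creates. Returns False at the first refusal."""
    for creator in users:
        f = create(creator)
        for user in users:
            try:
                change_perms(f, user)
            except PermissionError:
                return False
    return True


# --- Model 1: plain POSIX, each partner has their own uid -----------------
def posix_create(creator):
    return PosixFile(st_uid=UIDS[creator], st_gid=2000)


def posix_change(f, user):
    posix_chmod(f, UIDS[user], 0o660)


# --- Model 2: ACL file whose creator grants 'own' to both partners --------
def acl_create(creator, co_owners=("bill", "peri")):
    return AclFile(acl={u: {"read", "write", "own"} for u in co_owners})


def acl_change(f, user):
    acl_set(f, user, "guest", {"read"})  # 'guest' is a constructed third principal


# --- Model 3: the shared-uid workaround from the message ------------------
def shared_uid_create(creator):
    return PosixFile(st_uid=5000, st_gid=2000)  # both people log in as uid 5000


def shared_uid_change(f, user):
    posix_chmod(f, 5000, 0o660)  # works, but the kernel can no longer tell Bill from Peri


if __name__ == "__main__":
    print("POSIX, separate uids:", periwinkle_holds(posix_create, posix_change))
    print("ACL with shared 'own':", periwinkle_holds(acl_create, acl_change))
    print("POSIX, shared uid:", periwinkle_holds(shared_uid_create, shared_uid_change))
    print("Owner may give file away:", can_give_away(posix_create("bill"), 1001, 1002))
```

A setgid directory with g+w would let both partners write each other's files, but chmod is still gated on st_uid alone, so that common workaround does not satisfy the policy either; only the shared uid does, at the cost of the separate identities the message complains about losing.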