[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaandScottSmith
of Johns Hopkins)
Fri, 26 Jan 2001 14:57:25 +0000
David Wagner wrote:
> Ben Laurie wrote:
> >> There's nothing about ACL's that forces you to do all-or-nothing
> >> delegation. In fact, if you look at, say, Unix file permissions (an
> >> ACL system), delegation is not all-or-nothing: you can hand off just
> >> read permission, etc.
> >I can? How?
> That's what `chmod g+r G` does: Hand off just read access to the
> file (not write access) to members of the group G. It works even
> if the owner has both read and write access. It's most definitely
> not nearly as flexible as I'd like, but it's not all-or-nothing,
I had a feeling you meant this, and it is only just not all-or-nothing.
In particular, there's a relatively small (in comparison to the number
of files on a system) number of groups, and only root can change group
membership! So, in order to allow users to actually use this facility, I
have to give them root. Nice!
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff