[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaandScottSmith of Johns Hopkins)

Ben Laurie ben@algroup.co.uk
Fri, 26 Jan 2001 14:57:25 +0000


David Wagner wrote:
> 
> Ben Laurie  wrote:
> >> There's nothing about ACL's that forces you to do all-or-nothing
> >> delegation.  In fact, if you look at, say, Unix file permissions (an
> >> ACL system), delegation is not all-or-nothing: you can hand off just
> >> read permission, etc.
> >
> >I can? How?
> 
> That's what `chmod g+r G` does: Hand off just read access to the
> file (not write access) to members of the group G.  It works even
> if the owner has both read and write access.  It's most definitely
> not nearly as flexible as I'd like, but it's not all-or-nothing,
> either.

I had a feeling you meant this, and it is only just not all-or-nothing.
In particular, there's a relatively small (in comparison to the number
of files on a system) number of groups, and only root can change group
membership! So, in order to allow users to actually use this facility, I
have to give them root. Nice!

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff