[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaandScottSmith
of Johns Hopkins)
Nikita Borisov
nikitab@cs.berkeley.edu
26 Jan 2001 19:16:21 GMT
In article <3A719055.A7633D1A@algroup.co.uk>,
Ben Laurie <ben@algroup.co.uk> wrote:
>David Wagner wrote:
>> That's what `chmod g+r G` does: Hand off just read access to the
>> file (not write access) to members of the group G. It works even
>> if the owner has both read and write access. It's most definitely
>> not nearly as flexible as I'd like, but it's not all-or-nothing,
>> either.
>
>I had a feeling you meant this, and it is only just not all-or-nothing.
>In particular, there's a relatively small (in comparison to the number
>of files on a system) number of groups, and only root can change group
>membership! So, in order to allow users to actually use this facility, I
>have to give them root. Nice!
But this is a property of unix permissions, and not ACLs. Some unix
systems, for example, have extensions to allow arbitrary ACLs, without
root intervention.
- Nikita