[E-Lang] Java 2 "Security" (was: Re: WelcomeChrisSkalkaandScottSmith
of Johns Hopkins)
Fri, 26 Jan 2001 23:56:32 +0000
Nikita Borisov wrote:
> In article <3A719055.A7633D1A@algroup.co.uk>,
> Ben Laurie <email@example.com> wrote:
> >David Wagner wrote:
> >> That's what `chmod g+r G` does: Hand off just read access to the
> >> file (not write access) to members of the group G. It works even
> >> if the owner has both read and write access. It's most definitely
> >> not nearly as flexible as I'd like, but it's not all-or-nothing,
> >> either.
> >I had a feeling you meant this, and it is only just not all-or-nothing.
> >In particular, there's a relatively small (in comparison to the number
> >of files on a system) number of groups, and only root can change group
> >membership! So, in order to allow users to actually use this facility, I
> >have to give them root. Nice!
> But this is a property of unix permissions, and not ACLs. Some unix
> systems, for example, have extensions to allow arbitrary ACLs, without
> root intervention.
At the risk of getting boring, I quote David's original statement: "In
fact, if you look at, say, Unix file permissions (an ACL system),
delegation is not all-or-nothing: you can hand off just read permission,
etc." (this was in the mail you replied to - why trim it?).
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff