Re: Negative permissions WITHOUT ACLs
- From: roberson@xxxxxxxxxxxx (Walter Roberson)
- Date: Wed, 11 Oct 2006 15:04:17 GMT
In article <1160572724.150078.47390@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>,
Starfish <frel8817@xxxxxxxxxxxxx> wrote:
Hello, if someone can answer this question you make a lot of Uppsala
University students happy.
Here goes: How do you specify negative permission¹ in Unix/Linux
without using ACLs?
¹E.g. saying that the user "Ellen" should not have write access to a
file regardless of the permissions given to her groups.
You find something that fills the same role as an ACL but which
someone has called something different.
In some cases, you -might- be able to work something out with
exclusive mandatory locking and file access monitoring capabilities,
to have a program which checked to see who was trying to do the
access and refused to give up control if it was the "wrong" person.
But this would be difficult to do at all without using a device
driver.
You could use a loadable driver to put the file into your own
filesystem that did whatever permission enforcement you wanted.
You could put the file into an NFS filesystem that specified a
userid map that mapped Ellen's access to "nobody". You -might- be
able to do that with a loop-back filesystem, mounting the
file into a point on the tree that could be reached by everyone,
when the real file resided inside a fully-protected directory.
.
- References:
- Negative permissions WITHOUT ACLs
- From: Starfish
- Negative permissions WITHOUT ACLs
- Prev by Date: Negative permissions WITHOUT ACLs
- Next by Date: Re: Dlink.com.sg intrusion with worm??
- Previous by thread: Negative permissions WITHOUT ACLs
- Next by thread: Re: Negative permissions WITHOUT ACLs
- Index(es):
Relevant Pages
|
