Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 19 Aug 2001 19:51:05 -0400
From:      "Ken Cross" <kcross@ntown.com>
To:        <freebsd-fs@freebsd.org>, <freebsd-securit@freebsd.org>
Subject:   DENY ACL's
Message-ID:  <015801c12909$cff97080$0200a8c0@kjc2.com>

next in thread | raw e-mail | index | archive | help
Hi:

The current Posix.1e ACL implementation in -current works great as far as it
goes.  I'm sure this has been kicked around before (although I couldn't find
anything in the archives), but it seems like adding "deny" ACL's would be a
useful and fairly straightforward extension.

For those not familiar with it, deny ACL's are ACL's that explicitly deny
access, e.g., group Accountants are allowed access, but user George is
denied access even though he is a member of Accountants.

They are used extensively in the Windows NT/2K world and I need to support
them on a BSD platform.  The implementation is pretty straightforward --
always check deny ACL's first and then access ACL's.  They'd just be a new
acl_type_t value (ACL_TYPE_DENY?).

I'd be happy to help with the implementation (especially since I'll be doing
it regardless).  Any interest or things I should know about?

Ken



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-fs" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?015801c12909$cff97080$0200a8c0>