
RE: For when a new stable release?

To: John Trostel <jtrostel@xxxxxxxxxx>
Subject: RE: For when a new stable release?
From: Austin Gonyou <austin@xxxxxxxxxxxxxxx>
Date: Tue, 15 May 2001 13:47:04 -0500 (CDT)
Cc: Mário Gamito <mg-listas@xxxxxxxxxxx>, Mário Gamito <mg-listas@xxxxxxxxxxx>, ML do XFS <linux-xfs@xxxxxxxxxxx>
In-reply-to: <XFMail.20010515133431.jtrostel@xxxxxxxxxx>
Sender: owner-linux-xfs@xxxxxxxxxxx
Umm... the owner is still root. But I see what you mean. So you can prevent,
say, a common user from deleting things, but the perms are enforced across
users?

-- 
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-796-9023
email: austin@xxxxxxxxxxxxxxx

On Tue, 15 May 2001, John Trostel wrote:

> Then don't chmod 777 the file.  If the file has been given the ACL
> u::rwx,g::rwx,o::rwx,u:user1:r-x,m::rwx then everyone _except_ 'user1' can
> delete the file.  If the file had been given
> u::rwx,g::rwx,o::r-x,u:user1:rwx,m::rwx, then _only_ the true owner and user1
> would be able to delete the file.
>
> Start as root (or some other user who owns a file)
> [root@jtsdell xfs_part]# chgrp root jt_junk
> [root@jtsdell xfs_part]# ls -l jt_junk
> -rwxrwxrwx    1 root     root            0 May 11 13:36 jt_junk
> [root@jtsdell xfs_part]# chacl -l jt_junk
> jt_junk []
>
> (There's no ACL defined on this file yet.... let's define one that doesn't allow
> 'jt' to delete the file... but looks 'normal' to 'ls -l')
>
> [root@jtsdell xfs_part]# chacl u::rwx,g::rwx,o::rwx,u:jt:r-x,m::rwx jt_junk
> [root@jtsdell xfs_part]# chacl -l jt_junk
> jt_junk [u::rwx,g::rwx,o::rwx,u:jt:r-x,m::rwx]
>
> See... 'chacl -l' sees the extended permission structure.
>
> [root@jtsdell xfs_part]# ls -l jt_junk
> -rwxrwxrwx    1 root     root            0 May 11 13:36 jt_junk
>
> But 'ls -l' does not see it.
>
> [root@jtsdell xfs_part]# exit
> exit
>
> Go back to being 'jt'
>
> [jt@jtsdell xfs_part]$ ls -l jt_junk
> -rwxrwxrwx    1 root     root            0 May 11 13:36 jt_junk
>
> File looks like I (as 'jt') can delete it.  Let's try.
>
> [jt@jtsdell xfs_part]$ rm jt_junk
> rm: remove write-protected file `jt_junk'? y
> rm: cannot unlink `jt_junk': Permission denied
>
> Gee Whiz!?! What happened? I've been acl-ized!
>
> On 15-May-2001 Austin Gonyou wrote:
> > I agree with this, but my problem is ACLs should protect. At this point
> > the file can still be modified/deleted by ANYONE if I chmod 777 that file.
> > What's the point of ACLs if they don't stop malicious behaviour?
>
> ACLs are designed to allow you to specify permissions on a finer scale than the
> traditional ugo scheme.  You can tailor protection for just a few users or
> groups.
>
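
Added example (not part of the original thread or of the XFS tools): a Python sketch of the POSIX.1e-style entry selection behind the transcript above, showing why the named-user entry u:jt:r-x overrides o::rwx for 'jt' while 'ls -l' still prints rwxrwxrwx. The function names, the user 'alice' and the group lists are constructed for illustration; the sketch models the access check on the file itself only, and directory permissions, which the kernel also consults for unlink, are outside it.

```python
# Added example: POSIX.1e-style access check over the short ACL text form
# that chacl prints in the thread. User and group names are constructed.
PERM_BITS = {"r": 4, "w": 2, "x": 1}
THREAD_ACL = "u::rwx,g::rwx,o::rwx,u:jt:r-x,m::rwx"   # ACL set on jt_junk in the thread

def parse_acl(text):
    """Parse 'u::rwx,g::rwx,o::rwx,u:jt:r-x,m::rwx' into {(tag, qualifier): bits}."""
    acl = {}
    for item in text.split(","):
        tag, qualifier, perms = item.strip().split(":")
        if tag not in ("u", "g", "o", "m") or len(perms) != 3:
            raise ValueError(f"bad ACL entry: {item!r}")
        acl[(tag, qualifier)] = sum(PERM_BITS[c] for c in perms if c != "-")
    for required in (("u", ""), ("g", ""), ("o", "")):
        if required not in acl:
            raise ValueError(f"missing required entry {required[0]}::")
    return acl

def allowed(acl_text, owner, owning_group, user, groups, want):
    """True if the ACL grants `user` every permission letter in `want`."""
    acl = parse_acl(acl_text)
    need = sum(PERM_BITS[c] for c in want)
    mask = acl.get(("m", ""), 7)            # no mask entry: nothing is filtered
    if user == owner:                       # 1. owner: u:: entry, mask not applied
        return (acl[("u", "")] & need) == need
    if ("u", user) in acl:                  # 2. named user: entry limited by mask
        return (acl[("u", user)] & mask & need) == need
    # 3. owning group / named groups the user belongs to, each limited by mask
    group_entries = [bits for (tag, qual), bits in acl.items() if tag == "g"
                     and ((qual and qual in groups)
                          or (qual == "" and owning_group in groups))]
    if group_entries:                       # a group matched: never fall through to o::
        return any((bits & mask & need) == need for bits in group_entries)
    return (acl[("o", "")] & need) == need  # 4. everyone else: o:: entry

def mode_string(acl_text):
    """The nine bits 'ls -l' shows: owner, group class (the mask if present), other."""
    acl = parse_acl(acl_text)
    group_class = acl.get(("m", ""), acl[("g", "")])
    return "".join("".join(c if bits & PERM_BITS[c] else "-" for c in "rwx")
                   for bits in (acl[("u", "")], group_class, acl[("o", "")]))
```

For THREAD_ACL with owner and group root, allowed(..., "jt", ["jt"], "w") is False and mode_string() is "rwxrwxrwx", matching what 'chacl -l' and 'ls -l' show in the transcript.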

