On Mon, Mar 20, 2000 at 09:03:53PM -0600, Christopher Browne wrote: > As a Completely Different Thought (which I periodically bring up), it > might be worth looking back into the past; TOPS-10 had an ACL system > controlled by a daemon called FILDAE where, rather than sticking the > ACL data into nodes on the filesystem, it centralized them into a set > of patterns in a file. > > Approach: If accesses fail, due to the "usual" ugo/GECOS fields > indicating NO access, the kernel would send a message to FILDAE asking > if the ACLs would permit access based on the rule set. If so, then > FILDAE would tell the kernel to give access. > > This seems to be a rather Hurd-like approach; with Hurd, it is quite > natural to add a daemon of this sort...
I really like that idea! It could be compared to the sudo solution for setuid programs: Leave the ugo-permission system as it is with no overhead, but have the possibility for a extremely flexible, fine-grained system for those files where you need it. And all we need for it is a hook for a deamon that is called as soon as the permissions for a file are denied! And it that hook is called with the UID of the user owning the file, the whole thing could even be completely in user space! A transparent solution for all security risks caused by suid files! Very hurd-like... -- -- ______________________________________________________ -- JESUS CHRIST IS LORD! -- To Him, even that machine here has to obey... -- -- _________________________________Norbert "Nobbi" Nemec -- Hindenburgstr. 44 ... D-91054 Erlangen ... Germany -- eMail: <[EMAIL PROTECTED]> Tel: +49-(0)-9131-204180
