On Fri, Dec 26, 2003 at 06:28:20PM +0100, Per Olofsson wrote:
> > (It really should be possible to force umask
> > as well by directory, though...)
> I think POSIX ACLs provide that functionality. On the other hand, they
> seem to be more "hidden" than traditional Unix permissions, which may
> create a security problem. I kind of like AFS ACLs, which are set per
> directory with file permissions ignored (group and other), but this is not
> what people and applications are used to, which is a problem (AFS itself is
> problematic because of its limited interoperability with the Unix world).
Another essential security feature would be program-based and not just
user-based permissions/ACLs. An exact opposite of the Palladium/TCPA world
domination insanity: a way for the user/sys. admin to block untrusted
programs out of his data. AFAIK Eros <www.eros-os.org> essentially only has
program-based permissions given its persistent nature, but it shouldn't be
too difficult to implement such permissions in *nix VFS using e.g. a
database of md5sums of trusted binaries. Of course, scripts would need a
little extra work.

-- 
Tuomo
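The following is an added illustration of the idea in the message above, not code from the thread or from any real VFS: a user-space model of a trust database keyed on the hash of the program image, consulted on top of the ordinary uid/mode check, with the "scripts need a little extra work" problem handled explicitly. The program images and scripts are constructed byte strings standing in for files on disk; the directory prefixes are arbitrary. SHA-256 is used instead of the md5sums the post suggests, because MD5 collisions are practical today and an allow-list keyed on a collidable hash can be defeated by a crafted binary.

```python
import hashlib

# Constructed stand-ins for program images and scripts. In a real VFS hook
# these would be the bytes of the executable read and hashed at exec time.
EDITOR_IMAGE = b"\x7fELF constructed editor binary"
BACKUP_IMAGE = b"\x7fELF constructed backup tool"
ROGUE_IMAGE = b"\x7fELF constructed rogue binary"
INTERP_IMAGE = b"\x7fELF constructed script interpreter"
GOOD_SCRIPT = b"#!/usr/bin/interp\nprint('report')\n"
EVIL_SCRIPT = b"#!/usr/bin/interp\nupload('~/.ssh/id_rsa')\n"


def digest(image: bytes) -> str:
    # SHA-256 rather than the post's md5sum: MD5 is collision-prone, and a
    # trust database keyed on it could be matched by a crafted binary.
    return hashlib.sha256(image).hexdigest()


class ProgramACL:
    """Program-based permissions: rights are tied to the hash of the code
    that is executing, not only to the user it runs as."""

    def __init__(self):
        self._rules = {}          # digest -> set of allowed directory prefixes
        self._interpreters = set()  # digests of programs that execute other code

    def trust(self, image: bytes, prefixes, *, interpreter=False) -> str:
        d = digest(image)
        self._rules[d] = set(prefixes)
        if interpreter:
            self._interpreters.add(d)
        return d

    @staticmethod
    def _covers(prefixes, path: str) -> bool:
        return any(path.startswith(p) for p in prefixes)

    def check(self, image: bytes, path: str, script: bytes = None):
        """Decide whether the program `image` may access `path`.

        Intended to run after the normal Unix user/mode check, so a rejection
        here narrows, never widens, what the user's own permissions allow.
        Returns (allowed, reason)."""
        d = digest(image)
        if d not in self._rules:
            # Unknown or modified binary: a single byte of change yields a
            # different digest, so patched binaries are rejected too.
            return False, "program not in trust database"
        if not self._covers(self._rules[d], path):
            return False, "path outside program's allowed prefixes"
        if d in self._interpreters:
            # The extra work for scripts: a trusted interpreter would otherwise
            # lend its rights to any script handed to it, so the script itself
            # must be in the database and allowed for this path as well.
            if script is None:
                return False, "interpreter invoked without an identifiable script"
            sd = digest(script)
            if sd not in self._rules:
                return False, "script not in trust database"
            if not self._covers(self._rules[sd], path):
                return False, "path outside script's allowed prefixes"
        return True, "ok"


def build_demo_acl() -> ProgramACL:
    # Constructed policy: the editor sees only the documents directory, the
    # backup tool sees the whole home directory, the interpreter may reach the
    # home directory but only through scripts that are themselves trusted.
    acl = ProgramACL()
    acl.trust(EDITOR_IMAGE, ["/home/user/docs/"])
    acl.trust(BACKUP_IMAGE, ["/home/user/"])
    acl.trust(INTERP_IMAGE, ["/home/user/"], interpreter=True)
    acl.trust(GOOD_SCRIPT, ["/home/user/docs/"])
    return acl


if __name__ == "__main__":
    acl = build_demo_acl()
    for label, image, path, script in [
        ("editor reads docs", EDITOR_IMAGE, "/home/user/docs/notes.txt", None),
        ("editor reads ssh key", EDITOR_IMAGE, "/home/user/.ssh/id_rsa", None),
        ("rogue binary reads docs", ROGUE_IMAGE, "/home/user/docs/notes.txt", None),
        ("patched editor reads docs", EDITOR_IMAGE + b"\x90", "/home/user/docs/notes.txt", None),
        ("good script via interp", INTERP_IMAGE, "/home/user/docs/report.txt", GOOD_SCRIPT),
        ("evil script via interp", INTERP_IMAGE, "/home/user/.ssh/id_rsa", EVIL_SCRIPT),
    ]:
        print(f"{label:28s} -> {acl.check(image, path, script)}")
```

The interpreter case is the reason scripts are not just "another binary": hashing only the interpreter image turns `interp evil.py` into a trusted program, so the script's own hash has to enter the decision, and the effective rights are those the interpreter and the script both hold for the path.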
