On Thu, Oct 26, 2000 at 11:02:52PM +0200, Andreas Gruenbacher wrote:
> Sorry, but I think the root namespace is a serious misdesign. The root
> user shouldn't be treated specially at all. In a system that fully
> supports capabilities, it's actually possible for root to have no
> permissions whatsoever. Allowing root to manipulate EAs of files
> effectively makes root omnipotent again (by manipulating the capabilities
> of files, etc.)

How do you prevent users from using EA keys that are used for essential
system services (e.g. HSM support)?  Are you going to require that a
default EA for these keys, automatically propagated to all new
files/directories, be set up by the admin before file system use?  In this
case, it would seem that you would need to attach ACLs to these EAs to
prevent the user from manipulating or deleting them.  What happens
if the admin needs to convert an existing file system to support an HSM?
-
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to [EMAIL PROTECTED]