Jeremy Allison wrote:
Hi all,

        I've been spending some time with customers lately and I've
discovered an interesting thing. Many IT departments completely delegate
the settings on directory and file ACLs to the users who are interested
in the data.

        Yes, that's an interpretation of "Need to Know", in which
        anyone who has a need to know can designate another person
        as needing to know.  This interpretation is avoided like
        the **plague** in Unix, where there is no higher-level
        "Mandatory Access Control" (MAC) to keep someone who
        isn't cleared from getting access to the data.

        In a MAC regime, a godlike person says "you passed the
        security check, you can work with data up to secret" and
        increases your authorization, then some individual says
        "you need to know", and changes an ACL to give you access.

For example, on a given share for "Finance", the finance group is given
full control on the containing directory (ie. they're allowed to set ACLs
on everything within it) and are left alone to sort out their access
control as they wish.

        And one assumes that anyone hired by finance passed the
        security check. Alas, a finance person might grant read to
        someone in marketing, and see a press release the next day
        with details that shouldn't be public (;-))

I'm proposing a new parameter called
"acl group control". If set to True on a share then it would allow
both the owning user and the *primary group owner* of a file or directory
to change the ACL on it.

        That's smart: could it optionally be set/overridden on a
        per-share basis, so the trusted groups could be controlled
        at a fairly fine granularity?

--dave
--
David Collier-Brown,      | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
[EMAIL PROTECTED]     |                      -- Mark Twain
(416) 263-5733 (x65733)   |
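For illustration, an smb.conf fragment (added here, not from either message) showing the proposed parameter used the way Jeremy describes it: off globally, switched on only for the "Finance" share whose group manages its own ACLs. Share paths, group names and the default value are assumptions.

```ini
# Added example, not part of the original thread. Assumes the proposed
# "acl group control" parameter is accepted with the semantics Jeremy
# describes: when set on a share, both the owning user and the primary
# group owner of a file or directory may change its ACL.
[global]
    workgroup = EXAMPLE
    # Assumed default: only a file's owner (or root) may alter its ACL.
    acl group control = no

[finance]
    path = /srv/samba/finance
    valid users = @finance
    # New files get "finance" as their primary group, so the whole group
    # (not just the creating user) can manage access within the share.
    force group = finance
    create mask = 0660
    directory mask = 0770
    # The delegation described in the thread: finance sorts out its own
    # access control on everything under the containing directory.
    acl group control = yes

[marketing]
    path = /srv/samba/marketing
    valid users = @marketing
    force group = marketing
    # Inherits the global "no": a file's owner alone can change its ACL,
    # even though the group shares ownership of the files.
```

Because the parameter is share-level, the trusted groups can be chosen per share, which is what the reply asks about.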
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba