Philipp Marek wrote:
> Does anyone have some good ideas about specifying a mask for permissions? I
> think we'll need two parts - an AND, and a CMP - or possibly an XOR and an
> AND - or something along these lines.
>
> Eg PERM:0007 (AND; match if not equal to 0).
> I'm not sure whether a negation (via XOR) is really needed - there are "take"
> patterns, after all.
>
> Are there any precedents how such permission bits can be specified?
I think the model used in networking is very well suited for this. It is
both extremely simple and flexible - have a mask to which the input is
&-ed, and have a value which must match the result. Allow for negation
of the match and voilà - you are done (I think XOR is useless in such
context). Then sample rules (very pseudocode) would be:

Match everything without a world readable bit:
    match 0000 / 0004
    not match 0004 / 0004 alternatively

Match suid stuff not marked as executable by user:
    match 4000 / mask 4100

Exclude sticky stuff non-executable by others and non writable by the group:
    not match 1000 / mask 1021

> And for the first version at least I'd like to stay with parsing some
> numbers - going for "grwx" seems overkill, especially as there'll only be
> one or two values used in the common case, which I'd have special
> coded as abbreviations.
I think that whoever will want to power-use this, will have to know
octal logic anyway. Macros like 'suid', 'sticky', 'world-readable',
'group-writable' seem to be the way to go to make it more user friendly
(the 'not' modifier still applying).
I am just thinking out loud of course, someone might come up with a much
nicer way to do this.
Peter
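
The mask/value matching with negation described in the message above, as an added example (not code from the thread or from the project under discussion). The rule syntax `[not] match VALUE / [mask] MASK`, the bit definitions behind the macro names, and the sample modes are assumptions made for illustration.

```python
import re
import stat

# Macro names are the ones suggested in the message; their (value, mask) pairs are assumptions.
MACROS = {
    "suid": (stat.S_ISUID, stat.S_ISUID),
    "sticky": (stat.S_ISVTX, stat.S_ISVTX),
    "world-readable": (stat.S_IROTH, stat.S_IROTH),
    "group-writable": (stat.S_IWGRP, stat.S_IWGRP),
}
RULE_RE = re.compile(r"^(not\s+)?match\s+([0-7]+)\s*/\s*(?:mask\s+)?([0-7]+)$")


def parse_rule(text):
    """Return (negate, value, mask) for 'not? match VALUE / [mask] MASK' or 'not? MACRO'."""
    text = text.strip().lower()
    m = RULE_RE.match(text)
    if m:
        negate, value, mask = bool(m.group(1)), int(m.group(2), 8), int(m.group(3), 8)
    else:
        negate = text.startswith("not ")
        name = text[4:].strip() if negate else text
        if name not in MACROS:
            raise ValueError(f"unrecognised rule: {text!r}")
        value, mask = MACROS[name]
    if value & ~mask:
        # A value bit outside the mask cannot survive the AND, so the rule could never match.
        raise ValueError(f"value {value:04o} has bits outside mask {mask:04o}")
    return negate, value, mask


def rule_matches(rule, mode):
    """AND the permission bits with the mask, compare to the value, then apply negation."""
    negate, value, mask = parse_rule(rule)
    hit = (stat.S_IMODE(mode) & mask) == value
    return hit != negate


# Constructed sample modes (not from the thread).
SAMPLES = {"private": 0o600, "public": 0o644, "suid-noexec": 0o4644,
           "suid-exec": 0o4755, "sticky-dir": 0o1777}

if __name__ == "__main__":
    for rule in ("match 0000 / 0004", "not match 0004 / 0004",
                 "match 4000 / mask 4100", "not world-readable"):
        print(rule, "->", [n for n, m in SAMPLES.items() if rule_matches(rule, m)])
```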