Hello Peter!

On Tuesday 12 August 2008 Peter Rabbitson wrote:
> Philipp Marek wrote:
...
> > Are there any precedents how such permission bits can be specified?
>
> I think the model used in networking is very well suited for this. It is
> both extremely simple and flexible - have a mask to which the input is
> &-ed, and have a value which must match the result. Allow for negation
> of the match and voilà - you are done (I think XOR is useless in such
> context). 
XOR would allow for negation.

> Then sample rules (very pseudocode) would be: 
>
> Match everything without a world readable bit:
>       match 0000 / 0004
>       not match 0004 / 0004  alternatively
So, if I understand you, there's a mask (for AND) and a pattern for CMP.

> Match suid stuff not marked as executable by user:
>       match 4000 / mask 4100
So, in C notation, 
        if ( (mode & 04100) == 04000 )
right?

> Exclude sticky stuff non-executable by others and non writable by the group
>       not match 1000 / mask 1021
How would I match a file that has *none* of others-rwx set? i.e. match
        (mode & 0007) == 0

Would your notation be a negative ignore pattern (i.e. a "take" pattern) with
        not match 0 / mask 0007
and ignoring everything else?

That sounds a bit ... convoluted, with the double negation. But I don't have 
any better solution; I'll think a bit more.


> >   And for the first version at least I'd like to stay with parsing some
> >   numbers - going for "grwx" seems overkill, especially as there'll only
> >   be one or two values used in the common case, which I'd have special
> >   coded as abbreviations.
>
> I think that whoever will want to power-use this, will have to know
> octal logic anyway. Macros like 'suid', 'sticky', 'world-readable',
> 'group-writable' seem to be the way to go to make it more user friendly
> (the 'not' modifier still applying).
That's always possible.

> I am just thinking out loud of course, someone might come up with a much
> nicer way to do this.
Possibly ... I'd like to avoid coding something if I'm not sure that it makes 
sense and is backwards compatible (if we find that we need some extension).


Thank you for the idea ... I'll sleep over that.


Regards,

Phil


-- 
Versioning your /etc, /home or even your whole installation?
             Try fsvs (fsvs.tigris.org)!
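
The mask/value scheme discussed in this message, as an added C example that is not part of the original mail or of fsvs: a rule applies when (mode & mask) == value, optionally negated. The struct, the function names and the sample modes are assumptions made up for the illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical rule: applies when (mode & mask) == value, inverted if negate. */
struct mode_rule {
    const char *name;
    mode_t mask, value;
    int negate;
};

/* The sample rules from the thread, plus the "no others-rwx" case. */
static const struct mode_rule rules[] = {
    { "not world-readable",           00004, 00000, 0 },
    { "not world-readable (negated)", 00004, 00004, 1 },
    { "suid, not user-executable",    04100, 04000, 0 },
    { "not (sticky, no o+x, no g+w)", 01021, 01000, 1 },
    { "no others-rwx bits",           00007, 00000, 0 },
};
enum { N_RULES = sizeof rules / sizeof rules[0] };

/* A value bit outside the mask can never survive the AND, so such a rule
 * would silently never hit; a parser should reject it. */
int mode_rule_valid(const struct mode_rule *r)
{
    return (r->value & ~r->mask) == 0;
}

/* Returns 1 when the rule applies to mode, 0 otherwise. */
int mode_rule_matches(const struct mode_rule *r, mode_t mode)
{
    int hit = (mode & r->mask) == r->value;
    return r->negate ? !hit : hit;
}

int main(void)
{
    /* Constructed sample modes, not taken from any real tree. */
    static const mode_t modes[] = { 00644, 00640, 04644, 04755, 01770, 01750 };
    for (size_t m = 0; m < sizeof modes / sizeof modes[0]; m++) {
        printf("%04o:", (unsigned)modes[m]);
        for (int i = 0; i < N_RULES; i++)
            printf(" %d", mode_rule_matches(&rules[i], modes[m]));
        putchar('\n');
    }
    return 0;
}
```

The first two rules give the same answer for every mode, which is the equivalence the quoted "alternatively" points at.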
