[963] in linux-security and linux-alert archive
Re: Fwd: [linux-security] security idea
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Jul 25 17:32:18 1996
Date: Thu, 25 Jul 1996 16:35:01 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: "Daniel Roedding" <daniel@fiction.pb.owl.de>
Cc: iang@cs.berkeley.edu, linux-security@tarsier.cv.nrao.edu
In-Reply-To: Daniel Roedding's message of Thu, 25 Jul 1996 09:50:45 +0200
(MDT), <m0ujLC1-000007C@sandman.pb.owl.de>

   Date: Thu, 25 Jul 1996 09:50:45 +0200 (MDT)
   From: "Daniel Roedding" <daniel@fiction.pb.owl.de>

   I'm not quite sure if all Linux versions handle this properly, but
   certainly many "commercial" Unix boxes won't, because they first
   check the "world" access rights and then "add" group specific ones.
   So you can use group specific access rights only to give members
   of a certain group *more* rights than the rest of the world, but
   not to *exclude* them.

Err no. I'm pretty certain POSIX specifies how permission bits work,
and that group bits can be used to exclude rights.
If you think you can find a Unix or Unix-clone implementation which does
things the way you've described, let us know. But I'm pretty sure POSIX
requires a very specific permissions bits algorithm.
- Ted
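
The two permission models discussed in this message, side by side, as an added example that is not part of the original e-mail: `posix_allows` selects exactly one class (owner, else group, else other), while `additive_allows` implements the behaviour described in the quoted text. All names, the sample file (uid 1000, gid 50, mode 0705) and the sample users are constructed for illustration; the privileged-user bypass is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };   /* bits of one rwx triplet */

struct cred  { uid_t uid; gid_t gid; const gid_t *groups; size_t ngroups; };
struct finfo { uid_t uid; gid_t gid; mode_t mode; };

static bool in_group(const struct cred *c, gid_t g) {
    if (c->gid == g) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g) return true;
    return false;
}

/* POSIX-style check: pick exactly one class (owner, else group, else other)
 * and consult only that triplet. No fall-through to a later class. */
bool posix_allows(const struct cred *c, const struct finfo *f, int want) {
    int bits;
    if (c->uid == f->uid)          bits = (f->mode >> 6) & 7;
    else if (in_group(c, f->gid))  bits = (f->mode >> 3) & 7;
    else                           bits = f->mode & 7;
    return (bits & want) == want;
}

/* Additive model from the quoted message: start from the "other" bits and OR
 * in the group bits (ORing the owner bits too is this example's assumption). */
bool additive_allows(const struct cred *c, const struct finfo *f, int want) {
    int bits = f->mode & 7;
    if (in_group(c, f->gid)) bits |= (f->mode >> 3) & 7;
    if (c->uid == f->uid)    bits |= (f->mode >> 6) & 7;
    return (bits & want) == want;
}

/* Constructed sample: file owned by uid 1000, gid 50, mode 0705 (rwx---r-x). */
static const struct finfo SAMPLE = { 1000, 50, 0705 };

bool can_read(uid_t uid, gid_t gid, bool additive) {
    struct cred c = { uid, gid, NULL, 0 };
    return additive ? additive_allows(&c, &SAMPLE, WANT_R)
                    : posix_allows(&c, &SAMPLE, WANT_R);
}

int main(void) {
    printf("group member, POSIX:    %d\n", can_read(2000, 50, false));
    printf("group member, additive: %d\n", can_read(2000, 50, true));
    printf("outsider,     POSIX:    %d\n", can_read(3000, 60, false));
    return 0;
}
```

With mode 0705 the group member is refused under the class-selection check even though "other" has read access, which is the exclusion case the thread is arguing about.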