[963] in linux-security and linux-alert archive


Re: Fwd: [linux-security] security idea

daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Thu Jul 25 17:32:18 1996

Date: Thu, 25 Jul 1996 16:35:01 -0400
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: "Daniel Roedding" <daniel@fiction.pb.owl.de>
Cc: iang@cs.berkeley.edu, linux-security@tarsier.cv.nrao.edu
In-Reply-To: Daniel Roedding's message of Thu, 25 Jul 1996 09:50:45 +0200
	(MDT), <m0ujLC1-000007C@sandman.pb.owl.de>

   Date: Thu, 25 Jul 1996 09:50:45 +0200 (MDT)
   From: "Daniel Roedding" <daniel@fiction.pb.owl.de>

   I'm not quite sure if all Linux versions handle this properly, but
   certainly many "commercial" Unix boxes won't, because they first
   check the "world" access rights and then "add" group specific ones.
   So you can use group specific access rights only to give members
   of a certain group *more* rights than the rest of the world, but
   not to *exclude* them.

Err no.  I'm pretty certain POSIX specifies how permission bits work,
and that group bits can be used to exclude rights.

If you think you can find a Unix or Unix-clone implementation which does
things the way you've described, let us know.  But I'm pretty sure POSIX
requires a very specific permissions bits algorithm.

							- Ted
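
Added example, not part of the original message: a small Python model of the POSIX rule under discussion (exactly one permission class applies: owner, else group, else other), next to the additive model from the quoted text. Function names and the uid/gid/mode values are constructed for illustration; privileged-process overrides and ACLs are not modeled.

```python
import stat

R, W, X = 4, 2, 1  # bit values within one rwx triplet


def posix_class_bits(mode, file_uid, file_gid, uid, gids):
    """POSIX selection: the first matching class wins and no other class is consulted."""
    if uid == file_uid:
        return (mode >> 6) & 7      # owner triplet only
    if file_gid in gids:
        return (mode >> 3) & 7      # group triplet only, even if "other" grants more
    return mode & 7                 # other triplet


def additive_bits(mode, file_uid, file_gid, uid, gids):
    """Model from the quoted text: start from "other" and add group/owner rights."""
    bits = mode & 7
    if file_gid in gids:
        bits |= (mode >> 3) & 7
    if uid == file_uid:
        bits |= (mode >> 6) & 7
    return bits


def allowed(bits, want):
    """True when every requested bit is present in the selected triplet."""
    return bits & want == want


def compare(mode, file_uid, file_gid, subjects, want=R):
    """Return {name: (posix_decision, additive_decision)} for each subject."""
    out = {}
    for name, (uid, gids) in subjects.items():
        p = posix_class_bits(mode, file_uid, file_gid, uid, gids)
        a = additive_bits(mode, file_uid, file_gid, uid, gids)
        out[name] = (allowed(p, want), allowed(a, want))
    return out


# Constructed sample: file owned by uid 1000, group 50.
SUBJECTS = {
    "owner": (1000, {50}),
    "group_member": (1001, {50, 100}),
    "outsider": (1002, {100}),
}

if __name__ == "__main__":
    for mode in (0o604, 0o064):  # group excluded; owner excluded
        print(stat.filemode(stat.S_IFREG | mode), compare(mode, 1000, 50, SUBJECTS))
```

With mode 0604 the group member is denied read under the POSIX rule while an outsider is allowed. With mode 0064 the owner is denied despite belonging to the file's group.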
