Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 16, 2010 16:10 UTC (Tue) by bfields (subscriber, #19510)
Parent article: Ghosts of Unix past, part 3: Unfixable designs

> The NFSv4 working group (under the IETF umbrella) were tasked with creating a network filesystem which, among other goals, would provide interoperability between POSIX and WIN32 systems. As part of this effort they developed yet another standard for ACLs which aimed to support the access model of WIN32 while still being usable on POSIX.

Actually, it's really just a copy of Windows ACLs as far as I can tell--different implementors have made different choices as to how to reconcile with POSIX.

The Richacl implementors (mainly Andreas Gruenbacher) have added some extra "mask bits" as a way to ensure that a chmod can still restrict permissions without permanently losing information from any ACL set on the file. Interestingly enough, the hardest part then becomes mapping the resulting masked ACL to a Windows/NFSv4-like ACL....

Readers in search of a challenge can go look at their code and figure out if there's a better mapping. I've drawn a blank so far. It's likely what we'll end up doing.
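A simplified model of the mask-bit idea from the comment above, added here as an example (it is not Richacl code and not from the post). The class and function names, the three-bit permission set and the rule for which mask limits which entry are assumptions of this sketch.

```python
# Sketch of "mask bits" layered over an ACL (assumed model, not Richacl's structures).
R, W, X = 4, 2, 1
FULL = R | W | X

def mask_class(who):
    # Assumption: the owner entry is limited by the owner mask, the everyone
    # entry by the other mask, and every other entry by the group mask.
    return {"owner@": "owner", "everyone@": "other"}.get(who, "group")

def masks_from_mode(mode):
    # Split a chmod-style mode such as 0o640 into its three permission classes.
    return {"owner": (mode >> 6) & 7, "group": (mode >> 3) & 7, "other": mode & 7}

class MaskedAcl:
    def __init__(self, entries):
        self.entries = dict(entries)  # who -> allowed bits; chmod never edits these
        self.masks = {"owner": FULL, "group": FULL, "other": FULL}

    def chmod(self, mode):
        # chmod only replaces the masks, so the stored ACL survives intact.
        self.masks = masks_from_mode(mode)

    def effective(self, who):
        # An access check sees the stored bits filtered through the class mask.
        return self.entries.get(who, 0) & self.masks[mask_class(who)]

def naive_chmod(entries, mode):
    # Contrast: enforce chmod by rewriting the entries, which discards bits for good.
    masks = masks_from_mode(mode)
    return {who: bits & masks[mask_class(who)] for who, bits in entries.items()}

# Constructed sample ACL: a named user "alice" has read/write through an ACL entry.
SAMPLE = {"owner@": R | W | X, "alice": R | W, "group@": R, "everyone@": R}

def demo():
    acl = MaskedAcl(SAMPLE)
    acl.chmod(0o600)                      # restrict: group class gets nothing
    restricted = acl.effective("alice")   # alice is locked out while the mask holds
    acl.chmod(0o664)                      # relax again
    restored = acl.effective("alice")     # original grant reappears
    lossy = naive_chmod(naive_chmod(SAMPLE, 0o600), 0o664)["alice"]
    return restricted, restored, lossy

if __name__ == "__main__":
    print(demo())
```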



Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 16, 2010 21:04 UTC (Tue) by wazoox (subscriber, #69624) [Link]

> Interestingly enough, the hardest part then becomes mapping the resulting masked ACL to a Windows/NFSv4-like ACL....

That reminds me of the ACL parts of the samba code. There is a long page of comments that reads something like "beware, here follows, long, hairy, complicated and untractable explanation of a longer, hairier and more incomprehensible code". Then more lines with comments like "Don't touch this code!" :)

Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 16, 2010 23:21 UTC (Tue) by vonbrand (guest, #4458) [Link]

Due to the "ACL model" of Windows being an unmanageable mess?

The user/group/others model is certainly lacking (it can't describe the full permissions matrix like the Bell-LaPadula model uses), but what are the real, usable alternatives?

Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 17, 2010 0:57 UTC (Wed) by rahvin (subscriber, #16953) [Link]

SELinux and an infinite level of fine-grained control? I guess it really depends on how much control you need and how many man hours you want to put into maintaining it.

I'd imagine the US DOD has permission levels and tables that would make your head spin, after all their paper permission levels are nearly incomprehensible, I can't even imagine their computer permissions. In fact I'd wager there is an entire staff of people that do nothing but manage permissions.

Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 18, 2010 17:51 UTC (Thu) by davecb (subscriber, #1574) [Link]

I took the course, and they have the same four or five levels for everyone (unclassified, restricted, confidential, secret and top secret), and a plethora of categories, possibly including "the commandant's cat's litter-box", assuming of course that you have secrets about it.

--dave

Ghosts of Unix past, part 3: Unfixable designs

Posted Nov 17, 2010 3:18 UTC (Wed) by jra (subscriber, #55261) [Link]

Hey, there's ASCII art in there explaining everything! How can you not love code with ASCII art in it? :-).

Jeremy.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds