|
|
Subscribe / Log in / New account

Access Control: take them from Novell Netware

Access Control: take them from Novell Netware

Posted Nov 18, 2010 10:42 UTC (Thu) by zmi (guest, #4829)
In reply to: Access Control: take them from Novell Netware by Fowl
Parent article: Ghosts of Unix past, part 3: Unfixable designs

> For as long as I can remember giving full access to shares to "Everyone", and then using filesystem permisions has been the recommended practise.

And it brings the feature "you see the share, but clicking on it tells you you can't access it". Again it's the implementation that's wrong: If I have no right on it anyway, don't display it. Seems to be a lazyness of programmers to have chosen this way.

to post comments

Access Control: take them from Novell Netware

Posted Nov 18, 2010 13:55 UTC (Thu) by mpr22 (subscriber, #60784) [Link] (2 responses)

And it brings the feature "you see the share, but clicking on it tells you you can't access it". Again it's the implementation that's wrong: If I have no right on it anyway, don't display it. Seems to be a lazyness of programmers to have chosen this way.

Counterpoint: /bin/ls lists the names of directories not owned by the user it's running as whose access control mode is 0700 (user rwx, all others forbidden).

Access Control: take them from Novell Netware

Posted Nov 18, 2010 14:04 UTC (Thu) by dskoll (subscriber, #1630) [Link] (1 responses)

Counterpoint: /bin/ls lists the names of directories not owned by the user it's running as whose access control mode is 0700 (user rwx, all others forbidden).

Which is perfectly correct behavior according to the way UNIX permissions are defined. The ability to list names in a directory is controlled only by the r bit of the directory itself.

Access Control: take them from Novell Netware

Posted Nov 18, 2010 14:16 UTC (Thu) by zmi (guest, #4829) [Link]

ls is a technical unix command, not a user tool (which "clicki-clicki" mouse user knows ls?). ls must show everything, and it follows the kiss principle (keep it small and simple).

Using a graphical dir browser like Dolphin could hide such unreadable contents, that would be nice, as normally users don't need to see that. Should be a config option.

Browsing a server over the network is about 20 years younger "command", solving completely different needs, and it would help security a bit if shares not accessible are not seen by a user. But by the time Microsoft reinvented networking, they did not have the slightest clue about security (and I'd say that only started with Win7, where a user can work as user not admin). Maybe we'll see that improvement once someone at Microsoft gets the idea. Or maybe the Samba team can implement a setting to hide this, and later MS adopts it as it's clever.

Access Control: take them from Novell Netware

Posted Nov 21, 2010 0:27 UTC (Sun) by Fowl (subscriber, #65667) [Link]

That issue seems completely unrelated.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds