Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!uwvax!uwmacc!hobbes!root
From: root@hobbes.UUCP (John Plocher)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <151@hobbes.UUCP>
Date: Sat, 18-Jul-87 03:08:54 EDT
Article-I.D.: hobbes.151
Posted: Sat Jul 18 03:08:54 1987
Date-Received: Sat, 18-Jul-87 19:18:33 EDT
References: <1334@ssc-vax.UUCP> <1144@bloom-beacon.MIT.EDU>
Reply-To: root@hobbes.UUCP (John Plocher)
Followup-To: comp.misc
Organization: U of Wisconsin - Madison Spanish Department
Lines: 48

+---- Lang Zerner writes the following in <1144@bloom-beacon.MIT.EDU> ----
| >The articles refer to requirements for computer security categories
| > The issue I would like to discuss is why are access-lists considered
| >more secure than unix-style owner/group/other permission(as the specification
|
| I agree with david that the owner/group/other permissions are sufficient. All
| that is needed to obtain access lists for files is to have a corresponding
| group for every file in the system. To implement file access lists using the
+----                                  ^^^^^^^^^^^^^^^^^^^^^^^^

AAAArrrrggghhhh!

Some points which show that this issue is not so simple:

Hobbes is (for most intents) a single user System5 machine with 70 Mb of disk.
It has more than 10,000 files. If there were 10,000 entries in the groups file
the system would crawl! For every open(), access() ... the OS would have to
check the group file. Every file creation, deletion, and access mod would have
to access and change this file. It would have to be locked to keep 2 priv'd
users from changing it out from under each other's feet. What about deadlocks,
recursion (unless you want to make the group file a special case, how does one
check to see if one has permission to read the group file?)

( What this all says is that using regular files for access lists involves
tradeoffs which may or may not be justified)

Using ugo perms how does one specify that: 1/2 :-)

Fawn can read and delete, but not add or modify Iran.data, Casy can create
and read it but not modify or delete it, house and senate can not even find
out that the file exists, Ron can only read and append to it, and Ollie can
create, read, modify, and delete it?

Access lists and Capabilities give you a way of doing all this, the
user/group/other perms do not.

Don't take the second to last paragraph to mean that I think there is
something bad about access lists ... :-)

John
--
John Plocher uwvax!geowhiz!uwspan!plocher
plocher%uwspan.UUCP@uwvax.CS.WISC.EDU
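As an added illustration that is not part of the original thread: the access matrix John describes for Iran.data, first checked as an access list, then tested by exhaustive search over every possible owner, group membership and r/w bit pattern. It assumes lowercase principal names and the classic mapping r = exists+read, w = append+modify, so a single write bit cannot separate append from modify.

```python
from itertools import combinations, product

# Constructed access matrix for Iran.data, transcribed from the post's scenario.
REQUIRED = {
    "fawn":   {"exists", "read", "delete"},
    "casy":   {"exists", "create", "read"},
    "house":  set(),
    "senate": set(),
    "ron":    {"exists", "read", "append"},
    "ollie":  {"exists", "create", "read", "modify", "delete"},
}


def acl_allows(acl, principal, op):
    """Access-list check: the principal's entry lists exactly its permitted operations."""
    return op in acl.get(principal, set())


def ugo_allows(owner, group, bits, principal, op):
    """Unix-style check: pick the class, then map its bits to operations.
    Assumption: r grants exists+read; w grants append+modify (one file-write bit)."""
    cls = "u" if principal == owner else "g" if principal in group else "o"
    granted = set()
    if "r" in bits[cls]:
        granted |= {"exists", "read"}
    if "w" in bits[cls]:
        granted |= {"append", "modify"}
    return op in granted


def ugo_can_express(required, ops=("exists", "read", "append", "modify")):
    """Try every owner, group membership and r/w bit pattern; return the first
    assignment that reproduces `required` on the operations in `ops`, else None."""
    users = list(required)
    bit_choices = [frozenset(), frozenset("r"), frozenset("w"), frozenset("rw")]
    for owner in users:
        for n in range(len(users) + 1):
            for group in combinations(users, n):
                for u, g, o in product(bit_choices, repeat=3):
                    bits = {"u": u, "g": g, "o": o}
                    if all(ugo_allows(owner, set(group), bits, p, op) == (op in required[p])
                           for p in users for op in ops):
                        return owner, group, bits
    return None


if __name__ == "__main__":
    # The read/exists columns fit a group; the append-vs-modify distinction never does.
    print("read-only view expressible:", ugo_can_express(REQUIRED, ("exists", "read")))
    print("full matrix expressible:", ugo_can_express(REQUIRED))
```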