Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!uwvax!uwmacc!hobbes!root
From: root@hobbes.UUCP (John Plocher)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <151@hobbes.UUCP>
Date: Sat, 18-Jul-87 03:08:54 EDT
Article-I.D.: hobbes.151
Posted: Sat Jul 18 03:08:54 1987
Date-Received: Sat, 18-Jul-87 19:18:33 EDT
References: <1334@ssc-vax.UUCP> <1144@bloom-beacon.MIT.EDU>
Reply-To: root@hobbes.UUCP (John Plocher)
Followup-To: comp.misc
Organization: U of Wisconsin - Madison  Spanish Department
Lines: 48

+---- Lang Zerner writes the following in <1144@bloom-beacon.MIT.EDU> ----
| >The articles refer to requirements for computer security categories
| >	The issue I would like to discuss is why are access-lists considered
| >more secure that unix-style owner/group/other permission(as the specification
| 
| I agree with david that the owner/group/other permissions are sufficient.  All
| that is needed to obtain access lists for files is to have a corresponding
| group for every file in the system.  To implement file access lists using the
+----       ^^^^^^^^^^^^^^^^^^^^^^^^

AAAArrrrggghhhh!

  Some points which show that this issue is not so simple:

  Hobbes is (for most intents) a single user System5 machine with
  70 Mb of disk.  It has more than 10,000 files.  If there were
  10,000 entries in the groups file the system would crawl!

  For every open(), access() ...  the OS would have to check the
  group file.

  Every file creation, deletion, and access mod would have to
  access and change this file.  It would have to be locked to keep
  2 priv'd users from changing it out from under each other's feet.

  What about deadlocks, recursion (unless you want to make the
  group file a special case, how does one check to see if one has
  permission to read the group file?)

  ( What this all says is that using regular files for access lists
  involves tradeoffs which may or may not be justified)

  Using ugo perms how does one specify that:	1/2 :-)
	Fawn can read and delete, but not add or modify Iran.data,
        Casy can create and read it but not modify or delete it,
	house and senate can not even find out that the file exists,
	Ron can only read and append to it, and
	Ollie can create, read, modify, and delete it?

  Access lists and Capabilities give you a way of doing all this,
  the user/group/other perms do not.

  Don't take the second to last paragraph to mean that I think
  there is something bad about access lists ... :-)

John
-- 
John Plocher uwvax!geowhiz!uwspan!plocher  plocher%uwspan.UUCP@uwvax.CS.WISC.EDU