Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!ginosko!brutus.cs.uiuc.edu!psuvax1!psuvax1!schwartz
From: schwartz@psuvax1.cs.psu.edu (Scott Schwartz)
Newsgroups: comp.unix.wizards
Subject: Re: File daemons
Message-ID: 
Date: 29 Sep 89 00:03:57 GMT
References: 
Sender: news@psuvax1.cs.psu.edu
Distribution: na
Organization: Pennsylvania State University, computer science
Lines: 25
In-Reply-To: karl@triceratops.cis.ohio-state.edu's message of 28 Sep 89 14:07:49 GMT


Karl Kleinpaste writes:
|flee@shire.cs.psu.edu writes:
|    daemon that implements access control lists.  The idea is, if you want
|    to open a file you don't normally have access to, you ask the daemon
|    to open it for you, and it will give you an open file descriptor

| This has already been done.  See, for example, "Watchdogs: Extending
| the UNIX File System," by Brian N Bershad & C Brian Pinkerton, Winter
| 88 (Dallas) Usenix Proceedings (and a later version of the same paper
| in Vol 1 No 2 of _Computing_Systems_).

I've read it.  What Felix was mentioning is nothing so ambitious.  We
just observed that you can make most filesystem requests via a
(privileged) proxy, and let the proxy keep track of the access control
lists.  For things like read and write access, the whole thing can run
in user mode, with no kernel modifications.  A prototype only took a
few hours to cobble together.  (The downside is that if you really
want all operations to be proxyable (like exec) you need to add a few
things to the kernel.)

--
Scott Schwartz
for h in `cat /etc/hosts`; do telnet $h smtp; done;
Now back to our regularly scheduled programming....
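
Added example, not part of the original post or the prototype it mentions: a user-mode sketch of the proxy idea, in which the privileged side checks an access control list and hands back an open descriptor over a Unix-domain socket (SCM_RIGHTS). Assumptions: Linux `SO_PEERCRED` to identify the requester, Python 3.9+ for `socket.send_fds`/`recv_fds`, and a hypothetical "mode path" request format, ACL dictionary and function names; both ends run in one process over a socketpair so it works offline.

```python
import os
import socket
import struct

FLAGS = {"r": os.O_RDONLY, "w": os.O_WRONLY}

def peer_uid(conn):
    """Ask the kernel who is on the other end (Linux SO_PEERCRED: pid, uid, gid)."""
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    return struct.unpack("iII", creds)[1]

def daemon_handle(conn, acl):
    """Privileged side: serve one 'mode path' request against acl, a dict
    mapping (uid, resolved path) -> set of allowed modes (hypothetical shape)."""
    mode, _, path = conn.recv(4096).decode().partition(" ")
    real = os.path.realpath(path)      # resolve symlinks and ".." before the lookup
    try:
        if mode not in FLAGS or mode not in acl.get((peer_uid(conn), real), ()):
            raise PermissionError(path)
        fd = os.open(real, FLAGS[mode] | os.O_NOFOLLOW | os.O_CLOEXEC)
    except OSError:                    # ACL refusal or a failed open: same answer
        conn.sendall(b"DENY")
        return False
    try:
        socket.send_fds(conn, [b"OK"], [fd])   # descriptor rides in an SCM_RIGHTS message
    finally:
        os.close(fd)                   # the client now holds its own reference
    return True

def request(path, mode, acl):
    """Client round trip over a socketpair; returns an fd, or None if refused.
    In a real deployment daemon_handle runs in a separate privileged process."""
    client, daemon = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with client, daemon:
        client.sendall(f"{mode} {path}".encode())
        daemon_handle(daemon, acl)
        msg, fds, _flags, _addr = socket.recv_fds(client, 16, 1)
        return fds[0] if msg == b"OK" and fds else None

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".txt") as f:   # constructed sample file
        f.write("secret\n"); f.flush()
        acl = {(os.getuid(), os.path.realpath(f.name)): {"r"}}
        fd = request(f.name, "r", acl)
        print("read granted:", os.read(fd, 64)); os.close(fd)
        print("write request:", request(f.name, "w", acl))
```

The daemon takes the requester's uid from the kernel rather than from the request, so a client cannot claim another user's ACL entry.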