Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!uakari.primate.wisc.edu!ginosko!brutus.cs.uiuc.edu!psuvax1!psuvax1!schwartz From: schwartz@psuvax1.cs.psu.edu (Scott Schwartz) Newsgroups: comp.unix.wizards Subject: Re: File daemons Message-ID:Date: 29 Sep 89 00:03:57 GMT References: Sender: news@psuvax1.cs.psu.edu Distribution: na Organization: Pennsylvania State University, computer science Lines: 25 In-Reply-To: karl@triceratops.cis.ohio-state.edu's message of 28 Sep 89 14:07:49 GMT Karl Kleinpaste writes: |flee@shire.cs.psu.edu writes: | daemon that implements access control lists. The idea is, if you want | to open a file you don't normally have access to, you ask the daemon | to open it for you, and it will give you an open file descriptor | This has already been done. See, for example, "Watchdogs: Extending | the UNIX File System," by Brian N Bershad & C Brian Pinkerton, Winter | 88 (Dallas) Usenix Proceedings (and a later version of the same paper | in Vol 1 No 2 of _Computing_Systems_). I've read it. What Felix was mentioning is nothing so ambitious. We just observed that you can make most filesystem requests via a (privileged) proxy, and let the proxy keep track of the access control lists. For things like read and write access, the whole thing can run in user mode, with no kernel modifications. A prototype only took a few hours to cobble together. (The downside is that if you really want all operations to be proxyable (like exec) you need to add a few things to the kernel.) -- Scott Schwartz for h in `cat /etc/hosts`; do telnet $h smtp; done; Now back to our regularly scheduled programming....