Security Identifier (SID) to User Identifier (uid) Resolution System

Steve Langasek vorlon at netexpress.net
Sun Dec 26 21:34:12 GMT 1999


On Mon, 27 Dec 1999, John E. Malmberg wrote:

> There is a subtle difference that could catch the unwary.

> If you have write access to the parent directory, so that you can create
> files and directories in it, then any subdirectories and files that you have
> write access to, you have delete and rename access to also.

> This is not the case in Windows NT or OpenVMS.

> Take for example the directory tree of:

> /public
> /public/scratch
> /public/projects

> If you want someone to be able to put files in /public and in /scratch and
> /projects you have to give them write access to all of these directories.

> This allows you to rename the project directory.

> Since Windows NT has a different permission for write access than delete,
> you can protect the permanent subdirectories from these types of accidents.

> Otherwise it is frighteningly easy with the Windows Explorer shell to rename a
> directory, but even easier to drag the "projects" directory tree and put it
> in "scratch".

> No error message, no warnings.  And then the clueless user calls for a
> restore of the missing directory.  And if your operations staff does not
> realize what has really happened then your directory tree gets really
> polluted.

> These types of mistakes do not usually happen in a command shell environment,
> or with programmers.  But with a general population of office PC users, you
> can count on them.

> Please remember, though, that there is a lot about UNIX security I am ignorant
> about, if I have some of these concepts wrong.

You are correct.  I just wasn't sure with your last post if that was what you
meant. :)

I believe there are some Unix ACL implementations which support the kind of
semantics you're talking about.  Unfortunately, they're of little use to all
those sites which can't or won't use them.

-Steve Langasek
postmodern programmer
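The permission semantics the two posters are discussing, as an added shell example (it is not part of the samba-technical thread and not Samba code). It builds the /public, /public/scratch, /public/projects tree from the message under a temporary directory and shows that on Unix the right to rename or delete "projects" comes from the write bit on its parent "public", not from the mode bits on "projects" itself: a read-only "projects" can still be renamed and removed, while a fully writable "projects" under a read-only "public" cannot. The function names and the use of mktemp(1) are my own choices; the negative case only holds for a non-root user, since root bypasses mode bits.

```shell
#!/bin/sh
# Added example, not from the original thread.  Demonstrates that rename and
# delete of a directory entry are governed by the PARENT directory's write bit.
# Assumes a POSIX shell and a writable temp dir obtainable via mktemp(1).

# Build the tree from the message:  $root/public/{scratch,projects}
setup_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/public/scratch" "$root/public/projects" || return 1
    echo "$root"
}

# Case 1: "projects" is read-only (r-x) but its parent "public" is writable.
# Rename and rmdir both succeed: the entry's own mode bits never enter into it.
# Prints "renamed removed" on success.
readonly_child_still_renamable() {
    root=$(setup_tree) || return 1
    chmod 555 "$root/public/projects"
    result=""
    if mv "$root/public/projects" "$root/public/projects.old" 2>/dev/null; then
        result="renamed"
    fi
    if rmdir "$root/public/projects.old" 2>/dev/null; then
        result="$result removed"
    fi
    chmod -R u+w "$root"; rm -rf "$root"
    echo "$result"
}

# Case 2: "projects" is fully writable but its parent "public" is read-only.
# For a non-root user the rename is refused (EACCES) even though the user has
# write access to "projects" itself.  Prints "blocked" or "allowed".
parent_without_write_blocks_rename() {
    root=$(setup_tree) || return 1
    chmod 755 "$root/public/projects"
    chmod 555 "$root/public"
    if mv "$root/public/projects" "$root/public/projects.old" 2>/dev/null; then
        result="allowed"
    else
        result="blocked"
    fi
    chmod -R u+w "$root"; rm -rf "$root"
    echo "$result"
}

echo "read-only child under writable parent: $(readonly_child_still_renamable)"
echo "writable child under read-only parent: $(parent_without_write_blocks_rename)"
```

Run as an ordinary user the two lines print "renamed removed" and "blocked"; run as root the second prints "allowed", because root is exempt from mode-bit checks. The only classic Unix knob that touches this is the sticky bit (chmod +t) on the shared parent, which restricts rename and unlink of an entry to the entry's owner, the directory's owner and root; it still does not give the owner the separate write-but-not-delete permission that the NT DELETE right provides, which is the gap the ACL implementations mentioned above are meant to fill.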


