force mode

[Cole, Timothy D.]

> -----Original Message-----
> From:	David Collier-Brown [SMTP:davecb at canada.sun.com]
> Sent:	Friday, June 18, 1999 13:16
> To:	Cole, Timothy D.; Multiple recipients of list
> Subject:	Re: force mode 
> 
> Cole, Timothy D. wrote:
> >         Hrm.  The intended use of force mode, then, is also file
> creation.
> > Getting back to the 'security mask' and 'security force mode' things,
> can
> > anyone come up with any scenarios where limiting the permissions that
> can be
> > explicitly set via the SMB interface is useful, without giving the admin
> a
> > false sense of security?
> 
> 	I think I've missed something in this discussion somewhere:
> 	if I can 
> 		set specific permission bits with "force create mode"
> 		unset others with "create mode",
> 	then what then can't I do at file-creation time?  It looks
> 	like I can constrain the user to set or not set anything I want,
> 	which makes me the final arbiter of the permissions.
> 
> 	This also adress the case of an implicit creation (ie, the
> 	PC program creating a new fild during editing).  It does no
> 	t address the case of a user changing permissions, but then 
> 	we're not discussing that yet....
> 
> Actually, we are ... I'm afraid I transitioned back to that topic in the
> second sentence up there without flagging it very well.
> 
> 	So it looks like the only other possible thing I might
> 	want is a value to set an initial value, in the equation
> 		result = (initial & mask) | force
> 
> Hmm... for file creation, you ought to be able to synthesize that with
> force alone.
>