"Inherit Permissions" request for comments
David Collier-Brown
David.Collier-Brown at canada.sun.com
Wed May 31 12:32:02 GMT 2000
Erick Woods wrote:
[...] security risk, having an alternate owner from that of the owner
| of a home directory is a very bad idea i.e. having a publicly
accessible
| folder in /home/bill.
> No one should have access to ANYTHING under another users home directory.
> Period. That is a poor implementation of security in any model.
I both agree and disagree...
Unix and NT provide "discretionary access controls" (DAC), which
allow a user or sysadmin acting on his behalf to control
access to files under that user's control. This is what
the military calls "need to know" control: if I decide you
need to read X, I give you read permission on X.
The other model is "mandatory access control" (MAC), where
a user can't change it, and the sysadmin/security-officer
won't change it on my mere say-so. This is the kind
of statutory separation that keeps me from having any
access to the payroll system or to other employees'
medical records.
NT doesn't do any MAC.
Samba does just a tiny bit: it can prohibit users,
machines or members of domains/subnets. As this is at
the network level, I argue that it's appropriate
[long rant re this available on request].
I don't want to try to add it to Unix via Samba, as
neither Unix or NT has it, and it's a lot of work
for not much value. [Another long rant on what it
**is** good for available on request]
--dave
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
More information about the samba-technical
mailing list