Proposal to allow owning group to edit ACLs.
David.Collier-Brown at Sun.COM
Tue Jul 19 12:07:07 GMT 2005
Jeremy Allison wrote:
> Hi all,
> I've been spending some time with customers lately and I've
> discovered an interesting thing. Many IT departments completely delegate
> the settings on directory and file ACLs to the users who are interested
> in the data.
Yes, that's an interpretation of "Need to Know", in which
anyone who has a need to know can designate another person
as needing to now. This interpretation is avoided like
the **plague** in Unix, where there is no higher-level
"Mandatory Access Control" (MAC) to keep someone who
isn't cleared from getting access to the data.
In a MAC regime, a godlike person says "you passed the
security check, you can work with data up to secret" and
increases your authorization, then some individual says
"you need to know", and changes an ACL to give you access.
> For example, on a given share for "Finance", the finance group is given
> full control on the containing directory (ie. they're allowed to set ACLs
> on everything within it) and are left alone to sort out their access
> control as they wish.
And one assumes that anyone hired by finance passed the
security check. Alas, a finance person might grant read to
someone in marketing, and see a press release the next day
with details that shouldn't be public (;-))
> I'm proposing a new parameter called
> "acl group control". If set to True on a share then it would allow
> both the owning user and the *primary group owner* of a file or directory
> to change the ACL on it.
That's smart: could it optionally be set/overridden on a
per-share basis, so the trusted groups could be controlled
at a fairly fine granularity?
David Collier-Brown, | Always do right. This will gratify
Sun Microsystems, Toronto | some people and astonish the rest
davecb at canada.sun.com | -- Mark Twain
(416) 263-5733 (x65733) |
More information about the samba-technical