Re: ACLs, ACE and ls -e / chmod
- Subject: Re: ACLs, ACE and ls -e / chmod
- From: John Michael Zorko <email@hidden>
- Date: Thu, 05 Feb 2009 11:23:12 -0800
James,
Wow -- thanks for the info, it is appreciated. I have to do a Win32
implementation of this class (and possibly one for Linux, depending on
how close OSX is to it regarding ACLs), so that site will help. I
will also need to eventually restore the ACLs back to a file, so
thanks for the tip about making sure to preserve the correct order.
I've another question about ACLs and the acl_* APIs. If
acl_get_tag_type() succeeds (returns 0), can acl_get_permset() fail?
If acl_get_permset() succeeds, can acl_get_perm_np() fail? I guess
the bigger question is, "Is an ACL with an ACE with a tag type but no
permset worth saving at all?"
An ACE contains an identity, a type and a set of permissions. This
means that a single ACE can allow OR deny more than one permission but
it can't allow AND deny.
"jmzorko deny write allow read allow execute" breaks down into 2 ACEs:
jmzorko deny write
jmzorko allow read execute
Darwin ACLs follow the Windows ACL model pretty closely, so the
description of ACL structure here
<http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/WhatIsAnAccessControlList.html>
is quite applicable. Just substitute GUID where it says SID.
If you rewrite ACLs, remember to preserve the canonical ordering (see
chmod(1)) because there's no API in the system to do that for you.
Regards,
John
Falling You - exploring the beauty of voice and sound
http://www.fallingyou.com
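
An added sketch, not code from this thread or from Darwin: a Python model (it makes no acl_* calls) of the split into one ACE per type described above, and of putting saved entries back in the canonical order that chmod(1) documents (local deny, local allow, inherited deny, inherited allow). The `Ace` class, the function names and the sample entries are hypothetical.

```python
from dataclasses import dataclass

# Canonical order from chmod(1): local deny, local allow, inherited deny, inherited allow.
# Keys are (inherited, type).
RANK = {(False, "deny"): 0, (False, "allow"): 1, (True, "deny"): 2, (True, "allow"): 3}


@dataclass(frozen=True)
class Ace:  # hypothetical model of one entry, not the acl_entry_t type
    identity: str
    kind: str            # "allow" or "deny"; one ACE carries exactly one type
    perms: tuple         # permission names granted or denied by this ACE
    inherited: bool = False


def split_spec(spec, inherited=False):
    """Turn 'id deny write allow read ...' into at most one deny and one allow ACE."""
    tokens = spec.split()
    if len(tokens) < 3 or len(tokens) % 2 == 0:
        raise ValueError("expected: identity followed by (allow|deny, permission) pairs")
    identity, grouped = tokens[0], {"deny": [], "allow": []}
    for kind, perm in zip(tokens[1::2], tokens[2::2]):
        if kind not in grouped:
            raise ValueError(f"unknown ACE type: {kind!r}")
        if perm not in grouped[kind]:
            grouped[kind].append(perm)
    # Choice made by this sketch: a type that ends up with no permissions yields no ACE.
    return [Ace(identity, kind, tuple(perms), inherited)
            for kind, perms in grouped.items() if perms]


def canonicalize(aces):
    """Stable sort into canonical order; entries within one group keep their order."""
    return sorted(aces, key=lambda a: RANK[(a.inherited, a.kind)])


def is_canonical(aces):
    """True when no entry precedes one that belongs to an earlier canonical group."""
    ranks = [RANK[(a.inherited, a.kind)] for a in aces]
    return ranks == sorted(ranks)


if __name__ == "__main__":
    # Constructed sample: the entry from the message plus a made-up inherited one.
    saved = [Ace("staff", "allow", ("read",), inherited=True)]
    saved += split_spec("jmzorko deny write allow read allow execute")
    for ace in canonicalize(saved):
        print(ace)
```

Running `is_canonical()` on a saved list before writing it back catches a backup that was stored or merged out of order.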