Basic File Privileges [PSARC/2009/378 FastTrack timeout 7/10/2009]
Casper.Dik at sun.com
Sun Jul 5 08:12:22 PDT 2009
>On Fri, Jul 03, 2009 at 05:45:14AM -0700, Casper Dik wrote:
>> This project proposes two new "basic" privileges.
>>
>> FILE_READ
>> Allows a process to read a file or directory whose
>> permission or ACL allow the process read permission.
>>
>> FILE_WRITE
>> Allows a process to write a file or directory whose
>> permission or ACL allow the process write permission.
>
>Does not having basic file privileges affect a process' ability to
>receive, via IPC, open file descriptors with contrary access?

No.

>It might be useful to have a way to grant a process read and/or write
>access to specific objects while still denying it the right to do so in
>general. The simplest way to do that that I can imagine is by adding an
>additional pair of basic file privileges that apply only to files in the
>current directory (not following symlinks) and, perhaps, below.

See, e.g., PSARC 2008/109

Casper