(Illustration by Gaich Muramatsu)
On Tue, 24 Sep 2002, Ivan Popov wrote: > *** well, PAG would help to allow cron jobs to alter user files on Coda if > the user explicitely grants host/<host> the right to do that... > The same for mail delivery and other "problematic aspects" of networked > filesystems. After consideration I want to withdraw this idea as it implies a need for complementary unix-like uid-based access control. (otherwise it looks like a host principal would make things on behalf of a user, effectively letting the user indirectly mess with other's "host-opened" files) My conclusion: PAGs are of no real use! :-) Regards, -- Ivan P.S. A clean approach: let cron/procmail/younameit to work on host-local files. When desired, those local files can contain keytabs for special principals, giving access to some of the distributed files. (principals like <user>/cron, <user>/mail and so on?) With other words, a 1777 persistent local directory would be sufficient for uid-based-authorization activities like cron and even procmail.Received on 2002-09-24 12:14:56