On Tue, Sep 24, 2002 at 06:13:14PM +0200, Ivan Popov wrote:
> On Tue, 24 Sep 2002, Ivan Popov wrote:
>
> > *** well, PAG would help to allow cron jobs to alter user files on Coda if
> > the user explicitly grants host/<host> the right to do that...
> > The same for mail delivery and other "problematic aspects" of networked
> > filesystems.
>
> After consideration I want to withdraw this idea as it implies a need for
> complementary unix-like uid-based access control.
> (otherwise it looks like a host principal would make things on behalf of a
> user, effectively letting the user indirectly mess with others'
> "host-opened" files)
>
> My conclusion: PAGs are of no real use!

The only place where I can see a PAG being useful is for daemons that normally run with root privilege and use setuid to do user specific operations.

Example, mail delivery: I could set the ACLs on my maildir directories as follows to allow mail to be delivered by 'root' with pag 'mail', but not inadvertently read or tampered with even when the mailserver is compromised.

    cfs sa Mail/tmp jaharkes all system:mail wid system:anyuser none
    cfs sa Mail/new jaharkes all system:mail wi system:anyuser none
    cfs sa Mail/cur jaharkes all system:mail none system:anyuser none

I wouldn't need to have a cronjob on the server that tries to maintain tokens for all users.

Jan

Received on 2002-09-24 13:10:38