Coda File System

Re: Coda credentials for uid 0

From: Jan Harkes <jaharkes_at_cs.cmu.edu>
Date: Tue, 24 Sep 2002 13:09:29 -0400
On Tue, Sep 24, 2002 at 06:13:14PM +0200, Ivan Popov wrote:
> On Tue, 24 Sep 2002, Ivan Popov wrote:
> 
> > *** well, PAG would help to allow cron jobs to alter user files on Coda if
> > the user explicitly grants host/<host> the right to do that...
> > The same for mail delivery and other "problematic aspects" of networked
> > filesystems.
> 
> After consideration I want to withdraw this idea as it implies a need for
> complementary unix-like uid-based access control.
> (otherwise it looks like a host principal would make things on behalf of a
> user, effectively letting the user indirectly mess with others'
> "host-opened" files)
> 
> My conclusion: PAGs are of no real use!

The only place where I can see a PAG being useful is for daemons that
normally run with root privilege and use setuid to do user-specific
operations. Example: mail delivery. I could set the ACLs on my maildir
directories as follows to allow mail to be delivered by 'root' with PAG
'mail', but not inadvertently read or tampered with even when the
mailserver is compromised.

    cfs sa Mail/tmp jaharkes all system:mail wid  system:anyuser none
    cfs sa Mail/new jaharkes all system:mail wi   system:anyuser none
    cfs sa Mail/cur jaharkes all system:mail none system:anyuser none

I wouldn't need to have a cronjob on the server that tries to maintain
tokens for all users.

Jan
Received on 2002-09-24 13:10:38