From: steve@rama.demon.co.uk (Steve Entwistle) Subject: Re: Access control lists and Linux Date: 2 Apr 1993 19:25:24 GMT
In article <1pgnop$k1e@walt.ee.pdx.edu> gary@acacia (Gary Moyer) writes:
>Anyone considered doing such a thing? I'm considering just such an
>undertaking. Is there any netinfo floating around out there highlighting
>fs development under Linux? Any fs developers mind disclosing any secrets?
>I'm considering taking the standard minix/linux fs and going from there.
>Should I use it as a base or possibly consider using the new extended?
>
One possibility would be to develop a generalised security
package, such as RACF, used on IBM Mainframe systems. This system uses a
central database in which all the security information for various
resources is stored, e.g. Files, Users, Terminals etc.
A sample entry for a File resource might be :-
Filename : /etc/foobar
Default Access : NONE
User fred, Access = READ
Group Wheel, Access = UPDATE
Rather than changing the filesystem code, you could insert a
call to the resource checking routine in all the system calls that access
the resource you want to protect (in this case, all the system calls concerned
with file accesses). If there is no entry in the database for a particular
file, I guess you would then just use the normal file permission bits.
The advantages of doing it this way is that not only is it filesystem
independent, but it is also readily extended to protecting other resources.
Steve