Naming convention flames

Robert P. J. Day rpjday at mindspring.com
Fri Apr 2 15:51:27 UTC 2004 


On Fri, 2 Apr 2004, Rui Miguel Seabra wrote:

> On Fri, 2004-04-02 at 10:21 -0500, Robert P. J. Day wrote:
> > On Fri, 2 Apr 2004, Rui Miguel Seabra wrote:
> > 
> > > On Fri, 2004-04-02 at 07:40 -0500, murphy pope wrote:
> > > > >Many users in /etc/passwd can be mapped to a single SELinux user for
> > > > access control purposes (e.g. system_u).  
> > > > 
> > > > Sounds like /etc/group to me.  
> > > 
> > > Ok, let's say you have users john, jane, doe, and poe
> > > 
> > > then you have groups like:
> > > staff:x:n:john,jane,doe
> > > 
> > > and file xpto:
> > > 
> > > -rw-rw-r--  1 john staff 3399 Mar  9 00:40 xpto
> > > 
> > > How do you forbid doe from writing on xpto?
> > > 
> > > That's an example of what SELinux brings you, in terms of permissions.
> > > You can explictly say xpto can't be written by doe.
> > 
> > on the other hand, why should you be *allowed* to prevent doe from
> > writing on xpto?  you've explicitly made doe part of the staff group,
> > and you've explicitly given the staff group write permission on that
> > file.  seems like these regular perms are doing exactly what they're
> > *supposed* to be doing, no?
> 
> No. doe might be a junior staff member, for instance.

then why would you make "doe" a member of "staff" in the first place?
again, i *know* what you're getting at.  what i'm arguing is that many of
the examples i see promoting the use of extended permissions, including 
ACLs, are little more than a misuse of standard permissions.

in the above, you create a group called "staff", assign user "doe" to such
a group, then complain that user doe has, well, "staff" rights.  what 
exactly were you expecting?
 
> Other instance I didn't say:
> 
> How do you make poe be able to write to the file without making him a
> member of group staff or making the file world writable?

ok, that's a better question, and represents a much better example.
 
> Rui
> 
> > unless i've totally misread what you were getting at.
> 
> You must've missed the point of ACLs.

au contraire, i understand ACLs pretty well.  all i'm harping on is the 
sometimes lame examples people use to justify their existence.  there's 
enough *good* justification for ACLs that one shouldn't need to dredge
up *bad* justification. :-)

rday

More information about the fedora-selinux-list mailing list