Changes to SFTP v6: change in acl present flag

To: ietf-ssh%NetBSD.org@localhost
Subject: Changes to SFTP v6: change in acl present flag
From: Joseph Galbraith <galb-list%vandyke.com@localhost>
Date: Tue, 30 Aug 2005 08:00:49 -0600

Do we have people already shipping SFTP v6
style attributes?

Implementation experience has just taught me that
I need both the boolean acl-present and the count field
in the ACL.

Even when the access control part of the acl is not
present, there still may be auditing / system alarm
entries present.

I propose changing the current text to the following:

If the 'acl-present' flag is not set, it indicates that
the file does not have an ACL, as opposed to having an
empty ACL.  An empty ACL grants no access, not having
an ACL grants all access. This is distinct from the
case of SSH_FILEXFER_ATTR_ACL not being present in the
attrib flags. If SSH_FILEXFER_ATTR_ACL is not present,
the client can not deduce whether the server does not
support ACLs, did not check the ACL (because doing
so was expensive), or had some other reason for
omitting the data.

When the 'acl-prenent' flag is not set, there may still
be system audit or alarm type entries in the list.


Thanks,

Joseph

Follow-Ups:
- Re: Changes to SFTP v6: change in acl present flag
  - From: Joseph Galbraith

Prev by Date: Changes to SFTP v6: new error messages
Next by Date: RE: Changes to SFTP v6: new error messages
Previous by Thread: Changes to SFTP v6: new error messages
Next by Thread: Re: Changes to SFTP v6: change in acl present flag
Indexes:

Home | Main Index | Thread Index | Old Index