IETF-SSH archive


Re: New SFTP extension: enable privileges on the server...

On Tue, 2005-08-30 at 15:37, Joseph Galbraith wrote:
> In some operating systems (Windows NT, VMS I think, not sure
> about the big mainframe OSes), a user can have the right to
> certain privileges, but must explicitly activate the privilege
> in order to use it.

(Open)Solaris and Trusted Solaris have privileges and authorisations.
Users have authorisations.  Processes have privileges.  In Solaris
a process can manipulate its privileges and privileged processes
check authorisations.  Let's take a hypothetical example:  We
have a backup program that only certain users are allowed to use;
the backup process uses privileges to read/write files it wouldn't
otherwise be able to.  That same backup program checks authorisations
to ensure that only the correct subset of users can perform restores.

> Two such privilege under Windows NT are the Backup privilege
> and the Restore privilege.

In Solaris processes have privileges - this is the breakup
of the all powerful root.  A process has a number of different
privilege sets:
	E - Effective Set: What I'm using now.
	P - Permitted Set: Max I can use.
	I - Inheritable Set: What I give to children.
	L - Limit Set: Max children can get.

Given that I think your packet needs a place to specify
the privilege set as well for this to be useful on Solaris.  We
could assume the effective set is what you wanted to manipulate
since it sounds like that matches your Windows view, but it would
be better to allow it to be explicit.

> Standard privileges:
>    BACKUP@
>      Right to read any file or directory, bypassing
>      read access control checks.

Sounds like file_dac_read in Solaris.

>    RESTORE@
>      Right to create / write any file or directory,
>      bypassing access control checks.

Sounds like file_dac_write for Solaris.


It sounds an interesting proposal.  My major question though is
what is the expected behaviour if a Windows client connects
to a Solaris server and asks for BACKUP@ to be enabled?  Are
we supposed to map this to file_dac_read?  What if it is the
other way around?

-- 
Darren J Moffat 
TZ=Europe/Dublin
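The following is an added illustration, not part of the thread, of the Solaris privilege model Darren describes: the four per-process sets (E, P, I, L), the difference between enabling a privilege from P and dropping it outright, the intersection with L that bounds what a child gets on exec, and the backup/restore program that enables `file_dac_write` only after checking the user's authorisation. It is a simulation of the rules in plain Python rather than a call into the Solaris `priv` API, so it runs anywhere; the starting privilege sets, the authorisation string `example.backup.restore` and the "E = P = I = I ∩ L on exec" rule are assumptions of this example (the last one matches the Solaris model but is not stated in the message).

```python
from dataclasses import dataclass

# file_dac_read / file_dac_write are the Solaris privileges named in the
# thread; the authorisation name below is constructed for this example.
FILE_DAC_READ = "file_dac_read"
FILE_DAC_WRITE = "file_dac_write"
RESTORE_AUTH = "example.backup.restore"   # constructed authorisation name


@dataclass(frozen=True)
class PrivSets:
    """The four per-process privilege sets from the message: E, P, I and L."""
    effective: frozenset    # E - what the process is using now
    permitted: frozenset    # P - the most it may switch on
    inheritable: frozenset  # I - what it hands to children
    limit: frozenset        # L - the most any child can ever get

    def __post_init__(self):
        # Invariant assumed here (and enforced by Solaris): E is a subset of P.
        if not self.effective <= self.permitted:
            raise ValueError("effective set exceeds permitted set")


def can_enable(ps, priv):
    """A privilege can only be switched on if it is already in P."""
    return priv in ps.permitted


def enable(ps, priv):
    """Move a privilege from P into E (what an 'enable privilege' request does)."""
    if not can_enable(ps, priv):
        raise PermissionError(f"{priv} not in permitted set")
    return PrivSets(ps.effective | {priv}, ps.permitted, ps.inheritable, ps.limit)


def disable(ps, priv):
    """Switch a privilege off in E while keeping the right to re-enable it."""
    return PrivSets(ps.effective - {priv}, ps.permitted, ps.inheritable, ps.limit)


def drop(ps, priv):
    """Give a privilege up for good in this process: remove it from E, P and I."""
    return PrivSets(ps.effective - {priv}, ps.permitted - {priv},
                    ps.inheritable - {priv}, ps.limit)


def exec_image(ps):
    """Sets a child receives on exec.  Assumed rule (Solaris model):
    the child's E, P and I all become I ∩ L, and L carries over unchanged."""
    inherited = ps.inheritable & ps.limit
    return PrivSets(inherited, inherited, inherited, ps.limit)


def backup_process():
    """Constructed starting state of the backup program in the message: it is
    permitted both DAC-bypass privileges but starts with neither switched on,
    and passes nothing on to children (I is empty)."""
    both = frozenset({FILE_DAC_READ, FILE_DAC_WRITE})
    return PrivSets(frozenset(), both, frozenset(), both)


def backup_files(ps):
    """Backup path: any user may run it, so no authorisation check is needed;
    file_dac_read is enabled only for the read and disabled again afterwards."""
    ps = enable(ps, FILE_DAC_READ)
    # ... read the files being backed up while E contains file_dac_read ...
    return disable(ps, FILE_DAC_READ)


def restore_files(ps, user_auths):
    """Restore path: the process checks the invoking user's authorisations
    first and only then enables file_dac_write for the duration of the write."""
    if RESTORE_AUTH not in user_auths:
        raise PermissionError("user lacks the restore authorisation")
    ps = enable(ps, FILE_DAC_WRITE)
    # ... write the restored files while E contains file_dac_write ...
    return disable(ps, FILE_DAC_WRITE)


if __name__ == "__main__":
    ps = backup_process()
    print("after backup :", sorted(backup_files(ps).effective))
    print("after restore:", sorted(restore_files(ps, {RESTORE_AUTH}).effective))
    print("child on exec:", sorted(exec_image(ps).permitted))
```

The point of the `exec_image` function is Darren's observation that the packet needs to say which set it is talking about: enabling `file_dac_read` in E affects only the server process's own reads, whereas a change to I (bounded by L) is what a spawned helper would see.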
