IETF-SSH archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: SFTP ACLs need inheritance support



denis bider wrote:
> Please do include also the ACE mask flag for
> ACCESS_SYSTEM_SECURITY. Sure, it's Windows specific, but it
> improves compatibility and is very easy to add. The spec
> should say that anyone who wants to read or write AUDIT or
> ALARM ACEs from an opened file handle should have passed this
> flag when opening the handle. Servers that have no need for
> this flag can simply ignore it, as can clients that don't
> intend to query a Windows server for ACLs.

I'll do that.

Here is what I'm planing:

ACCESS_PRIV_SYSTEM_SECURITY = 0x00000200
  The server should access the file in such a way the
  reading and writing an ACL with AUDIT/ALARM entries
  is permitted.

  Systems that don't require special privileges to
  write system audit or alarm events SHOULD ignore
  this bit during the open request.  Servers that
  do not support AUDIT or ALARM ACE types should fail
  the open operation with NOT_SUPPORTED.

ACCESS_PRIV_BACKUP_FILE     = 0x00000400
  The server should access the file in order to back it up.

  Servers that don't need to perform any special processing
  in order to gain access to a file for backup purposes
  should ignore this bit during an open request.

ACCESS_PRIV_RESTORE_FILE    = 0x00000800
  The server should access the file in order to restore it.

  Servers that don't need to perform any special processing
  in order to gain access to a file for purposes of restoring
  from backup should ignore this bit during an open request.

ACCESS_PRIV_OVERRIDE_OWNER  = 0x00001000
  This bit indicates that the client wishes to override the
  WRITE_DAC permission on the file.  If the server does not
  support this operation, it must return NOT_SUPPORTED.

  If the user does not have ability to override the
  WRITE_DAC permission on the file, the operation should
  fail with ACCESS_DENIED.


I choose these bits because they are still "specific bits"
in the NT world of structured access masks.  I'll probably
also add text like this, someplace:

  When requesting all access to a file, a client SHOULD
  NOT as a matter of course include the ACCESS_PRIV_*
  bits.  These bits should only be requested when the
  operation described is specifically intended.

Does this fit your needs?

Thanks,

Joseph



Home | Main Index | Thread Index | Old Index