IETF-SSH archive


Re: SFTP ACLs need inheritance support



I think that's an excellent proposal!

The backup and restore flags could prove very useful to specialized software that performs backup over the network, as using these flags is really the only way to back up a file with multiple streams.

The "OVERRIDE_OWNER" flag appears to map directly to the WRITE_OWNER access right, without which it is not possible for an administrator to take ownership of an abandoned file.

I think it's great that an administrator will be able to use an SFTP client to do that!


On Tue, 06 Dec 2005 09:01:17 -0700, Joseph Galbraith wrote:
> denis bider wrote:
>
>> Please do include also the ACE mask flag for
>> ACCESS_SYSTEM_SECURITY. Sure, it's Windows specific, but it
>> improves compatibility and is very easy to add. The spec
>> should say that anyone who wants to read or write AUDIT or
>> ALARM ACEs from an opened file handle should have passed this
>> flag when opening the handle. Servers that have no need for
>> this flag can simply ignore it, as can clients that don't
>> intend to query a Windows server for ACLs.
>>
> I'll do that.
>
> Here is what I'm planning:
>
> ACCESS_PRIV_SYSTEM_SECURITY = 0x00000200
> The server should access the file in such a way that
> reading and writing an ACL with AUDIT/ALARM entries
> is permitted.
>
> Systems that don't require special privileges to
> write system audit or alarm events SHOULD ignore
> this bit during the open request.  Servers that
> do not support AUDIT or ALARM ACE types should fail
> the open operation with NOT_SUPPORTED.
>
> ACCESS_PRIV_BACKUP_FILE     = 0x00000400
> The server should access the file in order to back it up.
>
> Servers that don't need to perform any special processing
> in order to gain access to a file for backup purposes
> should ignore this bit during an open request.
>
> ACCESS_PRIV_RESTORE_FILE    = 0x00000800
> The server should access the file in order to restore it.
>
> Servers that don't need to perform any special processing
> in order to gain access to a file for purposes of restoring
> from backup should ignore this bit during an open request.
>
> ACCESS_PRIV_OVERRIDE_OWNER  = 0x00001000
> This bit indicates that the client wishes to override the
> WRITE_DAC permission on the file.  If the server does not
> support this operation, it must return NOT_SUPPORTED.
>
> If the user does not have the ability to override the
> WRITE_DAC permission on the file, the operation should
> fail with ACCESS_DENIED.
>
>
> I chose these bits because they are still "specific bits"
> in the NT world of structured access masks.  I'll probably
> also add text like this, someplace:
>
> When requesting all access to a file, a client SHOULD
> NOT as a matter of course include the ACCESS_PRIV_*
> bits.  These bits should only be requested when the
> operation described is specifically intended.
>
> Does this fit your needs?
>
> Thanks,
>
> Joseph
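
Added example, not part of either message or of the SFTP draft: a Python sketch of how a server could evaluate the proposed ACCESS_PRIV_* bits on an open request, and how a client can keep them out of an "all access" mask. The ServerProfile fields, the user_may_override argument, the "OK" status label, checking support before permission, and the 0x1 ordinary-access bit are assumptions made for illustration.

```python
from dataclasses import dataclass

# Bit values as proposed in the quoted message.
ACCESS_PRIV_SYSTEM_SECURITY = 0x00000200
ACCESS_PRIV_BACKUP_FILE = 0x00000400
ACCESS_PRIV_RESTORE_FILE = 0x00000800
ACCESS_PRIV_OVERRIDE_OWNER = 0x00001000
ACCESS_PRIV_ALL = 0x00001E00  # OR of the four bits above


@dataclass(frozen=True)
class ServerProfile:
    """Hypothetical summary of what the server platform needs and supports."""
    audit_alarm_aces: bool       # AUDIT/ALARM ACE types are supported
    audit_needs_privilege: bool  # special privilege needed to read/write them
    backup_special: bool         # backup/restore opens need special processing
    override_owner: bool         # the override operation is supported


def evaluate_priv_bits(mask, server, user_may_override):
    """Return (status, effective_mask) for the mask sent in an open request."""
    if mask & ACCESS_PRIV_SYSTEM_SECURITY:
        if not server.audit_alarm_aces:
            return "NOT_SUPPORTED", 0
        if not server.audit_needs_privilege:
            mask &= ~ACCESS_PRIV_SYSTEM_SECURITY  # bit is ignored
    if not server.backup_special:
        # No special processing needed: both bits are ignored, never an error.
        mask &= ~(ACCESS_PRIV_BACKUP_FILE | ACCESS_PRIV_RESTORE_FILE)
    if mask & ACCESS_PRIV_OVERRIDE_OWNER:
        if not server.override_owner:
            return "NOT_SUPPORTED", 0      # assumption: support checked first
        if not user_may_override:
            return "ACCESS_DENIED", 0
    return "OK", mask                      # "OK" is an assumed success label


def strip_priv_bits(mask):
    """Client side: keep ACCESS_PRIV_* out of a generic 'all access' request."""
    return mask & ~ACCESS_PRIV_ALL


# Constructed profiles and request; 0x1 stands in for an ordinary access bit.
PRIV_PLATFORM = ServerProfile(True, True, True, True)
PLAIN_PLATFORM = ServerProfile(False, False, False, False)

if __name__ == "__main__":
    request = 0x1 | ACCESS_PRIV_BACKUP_FILE | ACCESS_PRIV_OVERRIDE_OWNER
    print(evaluate_priv_bits(request, PRIV_PLATFORM, user_may_override=False))
    print(evaluate_priv_bits(0x1 | ACCESS_PRIV_BACKUP_FILE, PLAIN_PLATFORM, False))
    print(hex(strip_priv_bits(0xFFFFFFFF)))
```

Using one backup_special flag for both the backup and the restore bit is a simplification; a server could track them separately.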




