IETF-SSH archive


Re: SFTP ACLs need inheritance support



denis bider wrote:
>> What could a client do that is useful with the information
>> that a SACL exists but not knowing its contents?
> 
> Except that the client could hide the ability to edit the SACL
> for the particular file, I can't really think of something
> incredibly useful. It's just something I thought might be
> worth considering.

Hmmm... but the server is likely to have to attempt to enable
the privilege without even knowing if the client cares to
find this out.

It doesn't sound like you are strongly attached to this--
and if the client really wants to know, it can always attempt
to open the file as if it were going to modify the security
information itself before enabling the UI.

>> What would you think of SFX_ACL_ACCESS_CONTROL_INCLUDED and 
>> SFX_ACL_AUDIT_ALARM_INCLUDED?
> 
> That would be fine with me. As a bonus, it's nice that these
> names aren't inherently platform-specific.

That is precisely why I chose them.  Explaining these names in
the document is much easier (and less complicated) than
explaining DACL and SACL.

Thanks,

Joseph


