Re: SFTP ACLs need inheritance support

To: denis bider <ietf-ssh%denisbider.com@localhost>
Subject: Re: SFTP ACLs need inheritance support
From: Joseph Galbraith <galb-list%vandyke.com@localhost>
Date: Tue, 06 Dec 2005 10:05:30 -0700

denis bider wrote:
>> What could a client do that is useful with the information
>> that a SACL exists but not knowing it's contents?
> 
> Except that the client could hide the ability to edit the SACL
> for the particular file, I can't really think of something
> incredibly useful. It's just something I thought might be
> worth considering.

Hmmm... but the server is likely to have to attempt to enable
the privilege without even knowing if the client cares to
find this out.

It doesn't sound like you are strongly attached to this--
and if the client really wants to know, it can always attempt
to open the file as if it were going to modify the security
information itself before enabling the UI.

>> What would you think of SFX_ACL_ACCESS_CONTROL_INCLUDED and 
>> SFX_ACL_AUDIT_ALARM_INCLUDED?
> 
> That would be fine with me. As a bonus, it's nice that these
> names aren't inherently platform-specific.

That is precisely why I chose them.  Explaining these names in
the document is much easier (and less complicated) than
explaining DACL and SACL.

Thanks,

Joseph

References:
- Re: SFTP ACLs need inheritance support
  - From: denis bider

Prev by Date: Re: SFTP ACLs need inheritance support
Next by Date: Re: SFTP ACLs need inheritance support
Previous by Thread: Re: SFTP ACLs need inheritance support
Next by Thread: Re: SFTP ACLs need inheritance support
Indexes:

Home | Main Index | Thread Index | Old Index