Hello, if someone can answer this question you make a lot of Uppsala
University students happy.

Here goes: How do you specify negative permission=B9 in Unix/Linux
without using ACLs?

=B9E.g. saying that the user "Ellen" should not have write access to a
file regardless of the permissions given to her groups.

In article <1160572724.150078.47390 [at] c28g2000cwb.googlegroups.com>,
Starfish <frel8817 [at] student.uu.se> wrote:
>Hello, if someone can answer this question you make a lot of Uppsala
>University students happy.

>Here goes: How do you specify negative permission¹ in Unix/Linux
>without using ACLs?

>¹E.g. saying that the user "Ellen" should not have write access to a
>file regardless of the permissions given to her groups.

You find something that fills the same role as an ACL but which
someone has called something different.

In some cases, you -might- be able to work something out with
exclusive mandatory locking and file access monitoring capabilities,
to have a program which checked to see who was trying to do the
access and refused to give up control if it was the "wrong" person.
But this would be difficult to do at all without using a device
driver.

You could use a loadable driver to put the file into your own
filesystem that did whatever permission enforcement you wanted.

You could put the file into an NFS filesystem that specified a
userid map that mapped Ellen's access to "nobody". You -might- be
able to do that with a loop-back filesystem, mounting the
file into a point on the tree that could be reached by everyone,
when the real file resided inside a fully-protected directory.

In article <1160572724.150078.47390 [at] c28g2000cwb.googlegroups.com>,
Starfish wrote:
>Hello, if someone can answer this question you make a lot of Uppsala
>University students happy.
>
>Here goes: How do you specify negative permission¹ in Unix/Linux
>without using ACLs?
>
>¹E.g. saying that the user "Ellen" should not have write access to a
>file regardless of the permissions given to her groups.
>

You don't. That's why they invented ACLs, because standard
UNIX permissions can't do that sort of thing.

--
Christopher Mattern

"Which one you figure tracked us?"
"The ugly one, sir."
"...Could you be more specific?"

Post removed (X-No-Archive: yes)

In article <1160572724.150078.47390 [at] c28g2000cwb.googlegroups.com>,
"Starfish" <frel8817 [at] student.uu.se> wrote:

> Hello, if someone can answer this question you make a lot of Uppsala
> University students happy.
>
> Here goes: How do you specify negative permission¹ in Unix/Linux
> without using ACLs?
>
> ¹E.g. saying that the user "Ellen" should not have write access to a
> file regardless of the permissions given to her groups.

Make ellen the owner of the file, and omit the write permission from the
owner, i.e.

chown ellen filename
chmod o-w filename

However, a problem with this is that since ellen is the owner, she can
change the permissions and give herself write permissions. So this is
really only useful as a safety net, or in restricted environments where
users don't have access to the chmod command (e.g. it can be useful on
FTP servers -- you can create an anonymous upload directory where the
anonymous userid doesn't have any permissions to the files they've
created).

--
Barry Margolin, barmar [at] alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***

Starfish <frel8817 [at] student.uu.se> wrote:
> Here goes: How do you specify negative permission¹ in Unix/Linux
> without using ACLs?

You can't.

> ¹E.g. saying that the user "Ellen" should not have write access to a
> file regardless of the permissions given to her groups.

Use groups. Do not add Ellen to that group, which has the rights.

Yours,
VB.
--
Viel schlimmer als die Implementation von PHP ist jedoch das Design.

Rudolf Polzer in de.comp.security.misc

"Starfish" <frel8817 [at] student.uu.se> writes:
>
> Here goes: How do you specify negative permission¹ in Unix/Linux
> without using ACLs?
>
> ¹E.g. saying that the user "Ellen" should not have write access to a
> file regardless of the permissions given to her groups.

On my machine, I am the only member of group "buhr". If there's a
file, owned by anyone besides "buhr", with the following permissions:

-rw----r-- 1 root buhr 5 2006-10-12 11:56 buhr_cant_access

then everyone can read it except me.

Unfortunately, the standard Unix permissions system hasn't really been
designed with this usage kept clearly in mind, so there may be ways
for users to manipulate their effective, real, and supplementary group
memberships (with the help of bugs in setgid programs, perhaps) in
such a way as to drop group membership and work around the protection.

Also, at least one easy attack comes to mind: hard links made to the
"unreadable" file from under "~buhr/public_html/" or a public FTP
space would likely make the file readable through the web or FTP
server. I assume exclusionary ACLs would suffer from the same
problems, though.

--
Kevin <buhr [at] asaurus.net>