Howdy Luke...
Luke Kenneth Casson Leighton wrote:
> If you can't do it with unix permissions or unix permissions + ACL,
> you don't need to do it at all most likely, and even more likely
> you
the bastion sftp example i gave which required selinux on top of a
much broader set of POSIX file permissions demonstrates the fallacy
of your statement.
try to achieve the same effect with POSIX - even POSIX ACLs (uploader
only has create and write, not read, not delete; downloader has read
and delete, not write, not create)
and you will fail, miserably, because under POSIX, write implies
create.
You're really muddying up the waters here. sftp is not POSIX. Like ftp,
it presents an abstraction of a generic filesystem, and that abstraction
lives at the application layer. As such, it is the application layer's
responsibility to define what features may or may not be implemented.
There are plenty of smart ftp servers that let you define precisely this
type of ACLs for the ftp users. The fact that it is both possible and
trivially easy to implement such an application on top of a POSIX
runtime environment tells me that there's nothing broken here.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
