As pointed out already, there has been *extensive* discussion of this in
*numerous* forums.  To guide your research into the topic, I recommend
looking at the ACL implementations in Solaris and IRIX, as well as the
POSIX.1e ACL specification.  

Take a look at http://www.watson.org/fbsd-hardening/posix1e/ for links to
information on POSIX.1e.  You may also want to search the UCLA tech report
archive for references to file system layers, extended attribute services,
and Access Control Lists, which should turn up a few papers on layered
file systems, and specifically on implementing an ACLfs based on an
extended attribute service based on layering (lots of bases here). 

For FreeBSD-specific information, I can recommend no better than searching
the archives of -hackers, -security, -fs, and -arch.

If you're interested in fine-grained access control on objects other than
files, there has been lots of discussion of that also, in many forums.  In
fact, it's realistic to say that there's a whole field of research on
hardening UNIX, writing trusted UNIX implementations, etc.

On Wed, 27 Oct 1999, Chuck Youse wrote:

> 
> I admittedly haven't done much homework on this topic, but I was wondering
> if anyone has played with the idea of implementing ACLs on top of UFS.
> 
> One of the weakest areas in UNIX is its lack of fine-grained access
> control for resources - the biggest resource being, of course, the
> filesystem.
> 
> Chuck Youse
> 
> 
> 
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-hackers" in the body of the message
> 


  Robert N M Watson 

[EMAIL PROTECTED]              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services


