On Fri, 20 Aug 2010 19:41:44 +0200, Thomas Jollans wrote:

>> "Create Folders" and "Delete Subfolders and Files" correspond to having
>> write permission on a directory.
>
> How does append differ from write? If you have appending permissions, but not
> writing ones, is it impossible to seek? Or is there a more complex "block"
> that bites you when you seek to before the old end of file and try writing
> there?

If you have append permission, you can open a file in append mode. AFAICT,
this behaves the same as O_APPEND on Unix, i.e. all writes are automatically
appended to the file, regardless of the current offset.

Having this as a separate permission allows normal users to add entries to
log files but not to erase existing entries.

> Makes me wonder whether SELinux makes changes in this area, and if so,
> how far-reaching they are.

SELinux adds finer-grained permissions (e.g. append is distinct from write),
but also adds role-based checks, i.e. permissions are attached to individual
programs, which limits the extent to which a bug or misfeature can be
exploited.

>> 3. The owner can be either a user or a group.
>
> What about both?

A file/directory only has one owner.

>> 4. On Windows, a file cannot be "given away" either by its owner or an
>> administrator. You can grant the "Take Ownership" permission, but
>> the recipient still has to explicitly change the ownership.
>
> Really? So the operating system actually places restrictions on what the
> administrator can do?

Yes, although doubtless such constraints can be circumvented (if you can
install software, you can use the account of anyone who uses the software).

> Or is there a fine distinction here between administrator-accounts in general
> and the NT "Administrator" account that at least some versions of Windows (xp
> home edition springs to mind) appear to try to hide as best they can?

I don't think that the "Administrator" account is special. AFAICT, any member
of the Administrators group has the same privileges.
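
The O_APPEND behaviour described in the reply, as an added example that is not part of the original message: on a POSIX system (assumed), a write through an append-mode descriptor lands at the end of the file even after seeking to offset 0, while a plain write-only descriptor overwrites the first entry. The log entries and the helper names are constructed for the illustration.

```python
import os
import tempfile

EXISTING = b"entry-1\nentry-2\n"   # constructed sample log content
NEW = b"entry-3\n"                 # constructed entry written after the seek


def write_after_seek_to_start(extra_flags):
    """Open a pre-filled file write-only with extra_flags, seek to offset 0,
    write NEW, and return the resulting file contents."""
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, EXISTING)
        os.close(fd)

        fd = os.open(path, os.O_WRONLY | extra_flags)
        try:
            # Position the descriptor over the oldest entry before writing.
            os.lseek(fd, 0, os.SEEK_SET)
            os.write(fd, NEW)
        finally:
            os.close(fd)

        with open(path, "rb") as f:
            return f.read()
    finally:
        os.unlink(path)


def demo():
    """Return the file contents produced by each open mode."""
    return {
        # Plain write: the seek is honoured and entry-1 is overwritten.
        "plain": write_after_seek_to_start(0),
        # O_APPEND: the kernel moves to end-of-file before every write,
        # so the seek has no effect and existing entries survive.
        "append": write_after_seek_to_start(os.O_APPEND),
    }


if __name__ == "__main__":
    for mode, data in demo().items():
        print(mode, data)
```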