> On Wed, May 14, 2003 at 06:37:00PM +0100, David Howells wrote:
>> And then you have to have some method of prioritisation. You
>> may find that user dhowells has a token for
>> (fs=AFS,cell=redhat.com) and group engineering has a token for
>> (fs=AFS,cell=redhat.com). Which do you use?
> Union of both. And remember to subtract negative ACLs from
> positive ACLs. Prioritize users over groups in case of explicit
> mention.
> This is standard permission checking.
> Hmm, sounds too simple, so it must be wrong ;-)
Quite. Now that you've done the math, please explain how this should
be implemented efficiently. These are *networked* filesystems...
Cheers,
Trond
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/