Albert D. Cahalan wrote:
> UIDs and capability bits do not inherit in a compatible way.
> It is insane to have two security systems that operate in
> conflicting ways. I may want to use capability bits for security,
> but how do I assign a bit for "database admin"? Without such
> a bit, I am forced to use a per-UID system that does not have
> compatible inheritance.
>
> Really, it is better to reassign bits NOW than to do it later.
If you're going to make a super-extensible general purpose system, maybe
a set of extendable named capabilities, rather like gid sets but with
the inheritance properties of POSIX capabilities, would do the trick?
-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Tue Feb 15 2000 - 21:00:29 EST