non file system based implementation of nio.file
    Tigran Mkrtchyan 
    tigran.mkrtchyan at desy.de
       
    Mon Jun 16 08:20:58 PDT 2008
    
    
  
Usually there are two steps to read/write a file: getting the file id and
the I/O itself. The first one is checked based on the directory, the second
one on the file itself. In other words, you check the rx bits on the parent
directory to provide a FileRef to applications and check the rw bits on I/O.
With NFSv4 ACLs it's absolutely the same, just other bits are checked
(like LIST_DIRECTORY, READ_DATA, WRITE_DATA).
Tigran.
Alan Bateman wrote:
> Rémi Forax wrote:
>> accessing files by id (or inode) at user level will not bypass security 
>> which is directory based?
>>
>> Rémi
> If you mean the operating system might allow the security to be bypassed 
> then it would indeed be a serious bug :-)  When accessing files by 
> FileId on NTFS then the file's access control list is checked. In the 
> pre-Darwin days I believe files on HFS+ were addressed by file IDs but 
> I'm not familiar with that environment to know how the security worked. 
> But perhaps you mean a security manager? In that case then a mapping to 
> the name space would be desirable to make configuring the security 
> policy usable and consistent.
> 
> -Alan.
-- 
________________________________________________________________________
Tigran Mkrtchyan                               DESY, IT,
tigran.mkrtchyan at desy.de                       Notkestrasse 85,
Tel: + 49 40 89983946                          Hamburg 22607,
Fax: + 49 40 89984429                          Germany.
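
The two checks described in the message above, shown on a real directory tree. This is an added example, not part of the original mail or of the nio code base; it assumes a POSIX file system and a non-root user, and the class name, temp directory and file name are constructed for the illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.SeekableByteChannel;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;

public class TwoStepAccessCheck {
    // Returns "ok" if the file can be opened for reading by path, else the failure type.
    static String tryOpen(Path file) throws IOException {
        try (SeekableByteChannel ch = Files.newByteChannel(file, StandardOpenOption.READ)) {
            return "ok";
        } catch (AccessDeniedException e) {
            return "AccessDeniedException";
        }
    }

    static void chmod(Path p, String perms) throws IOException {
        Files.setPosixFilePermissions(p, PosixFilePermissions.fromString(perms));
    }

    public static void main(String[] args) throws IOException {
        Path dir = Files.createTempDirectory("lookup-demo");   // constructed sample tree
        Path file = Files.write(dir.resolve("data.txt"), "hello".getBytes());
        try {
            // Step 2 fails alone: directory is searchable, file has no read bit.
            chmod(file, "-w-------");
            System.out.println("dir rwx, file -w-: " + tryOpen(file));

            // Step 1 fails alone: file is readable, parent directory has no r/x bits.
            chmod(file, "rw-------");
            try (SeekableByteChannel held = Files.newByteChannel(file, StandardOpenOption.READ)) {
                chmod(dir, "-w-------");
                System.out.println("dir -w-, file rw-: " + tryOpen(file));
                // A handle obtained before the directory was closed off still does I/O:
                // the directory check applies to the lookup, not to each read.
                ByteBuffer buf = ByteBuffer.allocate(16);
                System.out.println("held handle read " + held.read(buf) + " bytes");
            }
        } finally {
            chmod(dir, "rwx------");   // restore so the cleanup lookups succeed
            Files.delete(file);
            Files.delete(dir);
        }
    }
}
```

Run as root, both path-based opens succeed because the kernel skips the permission-bit checks, so use an unprivileged account when reproducing this.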