[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Shell backend, modify method, ACL
At 12:02 PM 6/21/2001, Simon Spero wrote:
>On Wed, 20 Jun 2001, Kurt D. Zeilenga wrote:
>>
>> Yes, to properly evaluate ACLs, one needs a complete copy of
>> entry.
>
>In the general case this is true; however when access rules do not refer
>to a value in the object being operated on, the access check can be
>evaluated purely based on the operation being performed.
>
>This situation applies to a lot of extremely common cases
I note that target dependent ACLs are quite common.
I note this thread is in regards to back-shell, which
defers almost all access control decisions to shell modules.
Some would argue that, for this backend, all access control
decisions should be deferred to shell models.
Kurt