[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Shell backend, modify method, ACL

At 12:02 PM 6/21/2001, Simon Spero wrote:
>On Wed, 20 Jun 2001, Kurt D. Zeilenga wrote:
>> Yes, to properly evaluate ACLs, one needs a complete copy of
>> entry.
>In the general case this is true; however when access rules do not refer
>to a value in the object being operated on, the access check can be
>evaluated purely based on the operation being performed.
>This situation applies to a lot of extremely common cases

I note that target dependent ACLs are quite common.

I note this thread is in regards to back-shell, which
defers almost all access control decisions to shell modules.
Some would argue that, for this backend, all access control
decisions should be deferred to shell models.