[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL changes for add/delete/rename and back-shell

I've tweaked the ACL system for both back-bdb and back-ldbm
to require "entry" write access to the entry being added,
deleted, or renamed.  Write access to the parent's (or parents')
"children" is still required.  This, especially when combined
with the filter clause, can provide finer grained control
on who can add, delete, rename what where.

I've also modified back-shell to provide "entry-level"
ACLs for all operations.  This likely should be extended
to other programmable backends (an exercise I will leave
to others).