[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: deleting ACL


And how can this be implemented for the LDAP entries?


At 12:40 14.01.2002 +0000, you wrote:

Alejandra Moreno wrote...:

> I'm not sure, but is there a way to create an ACL to distinguish
> between writing and deleting? I want to give writing permission,
> but not deleting permission.

depends on what you think that "writing" is.. if you want to distinguish
between creating and deleting, the answer should be no, i think. but if
you want to "write to" an entry (meaning you want to change some of its
attributes) thats a completely different thing. access handling can be
compared fairly straight forward to UNIX file permissions in this case..
if you have write access for the directory, you can add and delete all
files there.
but you can change the _content_ of a file (if the file permissions
allow it) also if you do not have write permissions to the directory.
what means you may modify the file, but not delete it.. (which is
possibly what you want)


Alejandra Moreno Espinar
at rete ag

mailto:alejandra.moreno@atrete.ch, http://www.atrete.ch
snail mail: Oberdorfstrasse 2, P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88