[Date Prev][Date Next]
Re: deleting ACL
Alejandra Moreno wrote...:
> And how can this be implemented for the LDAP entries?
access to dn=".*,dc=parent,dc=com"
by * write
gives everybody write access to entries stored below "dc=parent,dc=com",
(e.g. "uid=foo,dc=parent,dc=com") but not to "dc=parent,dc=com" it self.
of course you can restrict access by specifying something else than "*"
in the second line..
> At 12:40 14.01.2002 +0000, you wrote:
>>Alejandra Moreno wrote...:
>> > I'm not sure, but is there a way to create an ACL to distinguish
>> > between writing and deleting? I want to give writing permission,
>> > but not deleting permission.
>>depends on what you think that "writing" is.. if you want to
>>distinguish between creating and deleting, the answer should be no,
>>i think. but if you want to "write to" an entry (meaning you want
>>to change some of its attributes) thats a completely different
>>thing. access handling can be compared fairly straight forward to
>>UNIX file permissions in this case.. if you have write access for
>>the directory, you can add and delete all files there.
>>but you can change the _content_ of a file (if the file permissions
>>allow it) also if you do not have write permissions to the
>>directory. what means you may modify the file, but not delete it..
>>(which is possibly what you want)