[Date Prev][Date Next]
Re: deleting ACL
but this way you don't distinguish between writing and
At 13:00 14.01.2002 +0000, you wrote:
Alejandra Moreno wrote...:
> And how can this be implemented for the LDAP entries?
access to dn=".*,dc=parent,dc=com"
by * write
gives everybody write access to entries stored below
(e.g. "uid=foo,dc=parent,dc=com") but not to
"dc=parent,dc=com" it self.
of course you can restrict access by specifying something else than
in the second line..
> At 12:40 14.01.2002 +0000, you wrote:
>>Alejandra Moreno wrote...:
>> > I'm not sure, but is there a way to create an ACL to
>> > between writing and deleting? I want to give writing
>> > but not deleting permission.
>>depends on what you think that "writing" is.. if you
>>distinguish between creating and deleting, the answer should be
>>i think. but if you want to "write to" an entry
(meaning you want
>>to change some of its attributes) thats a completely
>>thing. access handling can be compared fairly straight forward
>>UNIX file permissions in this case.. if you have write access
>>the directory, you can add and delete all files there.
>>but you can change the _content_ of a file (if the file
>>allow it) also if you do not have write permissions to the
>>directory. what means you may modify the file, but not delete
>>(which is possibly what you want)
Alejandra Moreno Espinar
at rete ag
snail mail: Oberdorfstrasse 2,
P.O. Box 674, 8024 Zurich, Switzerland
voice: +41-1-266 55 55, direct: +41-1-266 55 91, fax: +41-1-266 55 88