[RFC,0/3] Access Control Lists for tmpfs and /dev/pts
mbox series

Message ID 20050202161340.660712000@blunzn.suse.de
Headers show
Series
  • Access Control Lists for tmpfs and /dev/pts
Related show

Message

Andreas Gruenbacher Feb. 2, 2005, 4:13 p.m. UTC
Here is a set of three patches which implement some general
infrastructure and on top of that, acls for tmpfs and /dev/pts files.
We may want to factor out some of the current ext2 and ext3 acl code
and use the generic layer instead. Comments welcome.

Regards,
--
Andreas Gruenbacher <agruen@suse.de>
SUSE Labs, SUSE LINUX PRODUCTS GMBH

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Comments

Christoph Hellwig Feb. 2, 2005, 4:55 p.m. UTC | #1
On Wed, Feb 02, 2005 at 05:13:40PM +0100, Andreas Gruenbacher wrote:
> Here is a set of three patches which implement some general
> infrastructure and on top of that, acls for tmpfs and /dev/pts files.

Why would you want ACLs on /dev/pts?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
Andreas Gruenbacher Feb. 2, 2005, 5:37 p.m. UTC | #2
On Wed, 2005-02-02 at 17:55, Christoph Hellwig wrote:
> On Wed, Feb 02, 2005 at 05:13:40PM +0100, Andreas Gruenbacher wrote:
> > Here is a set of three patches which implement some general
> > infrastructure and on top of that, acls for tmpfs and /dev/pts files.
> 
> Why would you want ACLs on /dev/pts?

That's actually a good question. The patch allows to give several people
access to the same terminal, which sometimes comes in handy with tools
like screen (at least in its current version), and that's what the patch
originally was meant for. I've just talked this over this with one of
the maintainers though, and there are probably better ways than handling
this at the file permission level, like passing open file descriptors
between processes. So unless somebody comes up with a convincing
application, that patch probably should stay out.

Cheers,
Catalin Patulea Aug. 4, 2005, 7:39 p.m. UTC | #3
On Wed, 2 Feb 2005, Andreas Gruenbacher wrote:

> On Wed, 2005-02-02 at 17:55, Christoph Hellwig wrote:
>> On Wed, Feb 02, 2005 at 05:13:40PM +0100, Andreas Gruenbacher wrote:
>>> Here is a set of three patches which implement some general
>>> infrastructure and on top of that, acls for tmpfs and /dev/pts files.
>>
>> Why would you want ACLs on /dev/pts?
>
> That's actually a good question. The patch allows to give several people
> access to the same terminal, which sometimes comes in handy with tools
> like screen (at least in its current version), and that's what the patch
> originally was meant for. I've just talked this over this with one of
> the maintainers though, and there are probably better ways than handling
> this at the file permission level, like passing open file descriptors
> between processes. So unless somebody comes up with a convincing
> application, that patch probably should stay out.
Aside from the above reason, I believe the mechanism behind the write 
command should also be considered. The notifications generated by write 
can currently be enabled and disabled only through an "all-on" or 
"all-off" mechanism - it doesn't leave room for user- or group-specific 
permissions because it's based on the mode of the TTY special file.

ACL support in devpts would allow much more fine-grained control of who 
is allowed and who is denied access to writing messages on your terminal.
This would come in very handy and I personally believe it should be 
possible to have such control.

Sorry for the random post and thanks for considering this reason,
Catalin Patulea
>
> Cheers,
> --
> Andreas Gruenbacher <agruen@suse.de>
> SUSE Labs, SUSE LINUX GMBH
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>
>

-----------------------------------------
Catalin Patulea       VV Volunteer 2002,3
http://vv.carleton.ca/~cat/  VV HI 2004,5
cat@vv.carleton.ca
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/