[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Ideas from the I&A Forum (DCE file permissions)

At 11:52 AM 7/10/96 -0400, Rich Salz wrote:
>> I still don't know what the DCE "T: test" permission is
>> good for, so I can't suggest we add it.  Rich?
>The "T (test)" permission is useful when --
>    -	You only want to grant someone "read ACL" rights, and not "read object"
>	rights.  As in "ls -l" vs. "cat"

Is this different from giving read permission on the directory file but not
on the files in that directory?

>    -	You want to allow a comparison without disclosing the full state,
>	such as "Can Rich read this file" or "Is Rich in the 'foo' group?"
>	As in "grep ... >/dev/null ; echo $status" vs. "cat"

In the hypothetical file system protected by SPKI certs, I believe this
concern translates to the ability to read certs themselves.  Am I
understanding you?

That's something we just didn't address.

>Hope this helps.  Nice seeing you again Carl.

Yup -- it helps.  Nice seeing you again, too..

 - Carl

|Carl M. Ellison          cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                              http://www.cybercash.com/    |
|207 Grindall Street           PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103       T:(410) 727-4288     F:(410)727-4293        |