Any hope for new file permission revolution in Linux
Linux/Unix has used the standard file permissions, which are rwx, for quite many years. However, in a corporate environment (especially a file server) they are no longer sufficient.
The implementation of POSIX ACLs is a bit better; however, it is still only able to control permissions for Read, Write, Execute.
Has anybody thought before that file permissions in Linux should have a revolution, which would allow users to have a more flexible permission configuration like:
read, modify, write, delete file, delete folder, traverse folder, list content
I do not intend to start a war here, but MS Windows has NTFS permission features which are superior to any *nix environment.
I hope one day Linux file permissions can support the same capability as Windows (I know it could have a really big impact on all *nix software).
AFS does not rely on the mode bit protections of a standard UNIX system (though its protection system does interact with these mode bits). Instead, AFS uses an access control list (ACL) to control access to each directory and its contents. The following list summarizes the differences between the two methods:
UNIX mode bits specify three types of access permissions: r (read), w (write), and x (execute). An AFS ACL uses seven types of permissions: r (read), l (lookup), i (insert), d (delete), w (write), k (lock), and a (administer). For more information, see The AFS ACL Permissions and How AFS Uses the UNIX Mode Bits.
The three sets of mode bits on each UNIX file or directory enable you to grant permissions to three users or groups of users: the file or directory's owner, the group that owns the file or directory, and all other users. An ACL can accommodate up to about 20 entries, each of which extends certain permissions to a user or group. Unlike standard UNIX, a user can belong to an unlimited number of groups, and groups can be defined by both users and system administrators. See Using Groups.
UNIX mode bits are set individually on each file and directory. An ACL applies to all of the files in a directory. While at first glance the AFS method possibly seems less precise, in actuality (given a proper directory structure) there are no major disadvantages to directory-level protections and they are easier to establish and maintain.
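Added example (not part of the quoted AFS documentation or of any post in this thread): a Python sketch that parses an ACL listing in the layout printed by `fs listacl` and computes a user's effective rights from the seven rights described above. The sample listing and principal names are constructed; the negative-rights section and the audit of broad groups go beyond what the post covers.

```python
AFS_RIGHTS = "rlidwka"  # read, lookup, insert, delete, write, lock, administer

# Constructed sample in the layout printed by `fs listacl`; names are hypothetical.
SAMPLE = """\
Access list for /afs/example.org/proj is
Normal rights:
  system:administrators rlidwka
  proj:staff rlidwk
  system:anyuser l
Negative rights:
  mallory rlidwka
"""

def parse_listacl(text):
    """Return (normal, negative) dicts mapping principal -> set of right letters."""
    acl = {"Normal rights:": {}, "Negative rights:": {}}
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped in acl:
            section = acl[stripped]
        elif section is not None and stripped:
            name, rights = stripped.rsplit(None, 1)
            unknown = set(rights) - set(AFS_RIGHTS)
            if unknown:
                raise ValueError(f"unknown rights {sorted(unknown)} for {name}")
            section[name] = set(rights)
    return acl["Normal rights:"], acl["Negative rights:"]

def effective_rights(user, groups, normal, negative):
    """Union of rights granted to the user and their groups, minus negative rights."""
    principals = {user, *groups}
    granted = set().union(*(r for p, r in normal.items() if p in principals))
    denied = set().union(*(r for p, r in negative.items() if p in principals))
    return "".join(c for c in AFS_RIGHTS if c in granted - denied)

def risky_entries(normal, broad=("system:anyuser", "system:authuser")):
    """Audit check: broad groups that hold anything beyond read/lookup."""
    return {p: "".join(sorted(r - set("rl"))) for p, r in normal.items()
            if p in broad and r - set("rl")}

if __name__ == "__main__":
    normal, negative = parse_listacl(SAMPLE)
    print(effective_rights("alice", ["proj:staff", "system:anyuser"], normal, negative))
    print(risky_entries(normal))
```

Because the ACL is set per directory, the computed rights apply to every file in that directory.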
However, is it applicable for centralized authentication (via LDAP/Active Directory)?
Should be, it's technically already set up for centralized type authentications with PAM/Kerberos, etc. I've never used it to authenticate against OpenLDAP or AD but it's probably doable, I'm sure someone's done it before.