---

LinuxSecurity.com: Advanced Access Control with the Trustees Project

The Linux Trustees Project is an effort to create improved
access control and advanced file permission management similar to
other operating systems….

“Linux Trustees project borrows “trustee” idea from Novell’s
Netware OS. A trustee is an object that gives a given group or user
access to a complete directory tree, not just a single file. In my
own experience, the typical task that a file system administrator
has is “to have a directory that some users R/W access, some R/O,
others – nothing.”

“It can be done via a single click of mouse using Netware
Administrator, but it is still complex in all other OSs.”

“In my understanding and experience, the standard Unix and Linux
file permission model simply does not allow to have 2 different
groups have different (say, R/O & R/W) access for a single
file. In UNIX you just have owner, owner’s group, and “others”
permission, that give you no flexibility to manage access on per
group basis. This problem is in certain degree resolved by
different implementations of POSIX ACLs. ACL is basically a list of
“access control records” each of them allows access to given file
to a given user or group. The problem is that ACLs are effective on
per file basis (in NT there are default ACLs that are copied to new
files that are created in directory), that makes administration quite
complex. Moreover, millions of ACLs required to implement a single
security policy is a potential security risk, because it is not
easy to verify them even if the tools are provided.”
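
The contrast drawn in the quotes above, as an added illustration that is not code from the Trustees project: a simplified model in which a rule attached to a directory covers the whole tree beneath it, compared with the per-file ACL entries needed to state the same policy. The rule format, paths, group names and nearest-ancestor resolution are assumptions made for this sketch, not the project's actual semantics.

```python
from pathlib import PurePosixPath

# Constructed sample tree (hypothetical paths).
FILES = [
    "/srv/projects/plan.txt",
    "/srv/projects/src/main.c",
    "/srv/projects/src/util.c",
    "/srv/projects/docs/readme.txt",
    "/srv/private/notes.txt",
]

# Hypothetical trustee rules: (directory, group) -> rights for the whole subtree.
# This is the "some R/W, some R/O, others nothing" policy from the quote.
TRUSTEES = {
    ("/srv/projects", "developers"): {"r", "w"},
    ("/srv/projects", "auditors"): {"r"},
}


def trustee_rights(path, groups, trustees=TRUSTEES):
    """Rights from the nearest ancestor directory that carries a rule for any
    of the user's groups. No matching rule anywhere up the tree: no access."""
    for ancestor in PurePosixPath(path).parents:  # nearest directory first
        granted = set()
        for group in groups:
            granted |= trustees.get((str(ancestor), group), set())
        if granted:
            return granted
    return set()


def per_file_acl(files, trustees=TRUSTEES):
    """Expand the same policy into per-file ACL entries (file, group, rights),
    the form an auditor would have to verify one record at a time."""
    entries = []
    for f in files:
        for (directory, group), rights in trustees.items():
            if PurePosixPath(directory) in PurePosixPath(f).parents:
                entries.append((f, group, frozenset(rights)))
    return entries


if __name__ == "__main__":
    print("trustee rules to audit:", len(TRUSTEES))
    print("per-file ACL entries to audit:", len(per_file_acl(FILES)))
    for f in FILES:
        print(f, sorted(trustee_rights(f, ["auditors"])))
```

The number of trustee rules stays constant as files are added under the directory, while the per-file list grows with every new file and group, which is the verification burden the quote describes.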
