[prev in list] [next in list] [prev in thread] [next in thread]
List: slide-dev
Subject: Re: ACL evaluation
From: Thomas Bellembois <thomas.bellembois () univ-rennes1 ! fr>
Date: 2005-06-28 9:15:03
Message-ID: 42C11517.6010206 () univ-rennes1 ! fr
[Download RAW message or body]
Hello Miguel,
Don't worry, your explanations were good ! But I have been working on
ACLs for a long time, so it becomes a bit confusing for me ! :-)
Thanks again.
Regards,
Thomas
Miguel Figueiredo wrote:
>Hello Thomas,
>
> You probably already understood how this things work from Delbecq
>explanations, but since I explained myself poorly, I'll just clarify my poor
>english. See below.
>
>Best regards,
>Miguel
>
>-----Original Message-----
>From: Thomas Bellembois [mailto:thomas.bellembois@univ-rennes1.fr]
>Sent: segunda-feira, 27 de Junho de 2005 17:18
>To: Slide Developers Mailing List
>Subject: Re: ACL evaluation
>
>Hello Miguel,
>
>I don't understand two thinks :
>1.
>When you say that "the first inherited is always the last processed", do
>you mean that Slide processes inheritable ACE on /b, then inheritable
>ACE on /a ... ?
>
>Miguel> first inherited here would be /files on the /slide/file/a/b/c.txt
>path.
>
>2.
>Why ACEs on a resource are not enougth to grant or deny a permission
>(cf. my problem on /files/partage/demoEsup) ?
>
>Miguel> ACEs on a resource should be enough to grant or deny a permission.
>They have the 'heavier weight' on deciding it. If that doesn't work
>something must be wrong.
>
>bonus. :-)
> How can we know exactly what ACEs to put to grant or deny a permission
>(how Slide processes permissions exactly ?)
>
>Miguel> I make Delbecq words mine :)
>
>
>
>
>Thank you.
>
>Thomas
>
>Miguel Figueiredo wrote:
>
>
>
>>Hello Thomas,
>>
>>Inherited ACEs are always resolved last. For example, take the following
>>path:
>>
>>/slide/file/a/b/c.txt
>>
>>Slide first checks for c.txt ACEs, then b/ ACEs, then a/ until slide/
>>collection's ACEs. Means that inherited ACEs are always processed last, and
>>the first inherited is always the last processed.
>>
>>Hope this helps,
>>Miguel Figueiredo
>>
>>-----Original Message-----
>>From: Thomas Bellembois [mailto:thomas.bellembois@univ-rennes1.fr]
>>Sent: segunda-feira, 27 de Junho de 2005 15:35
>>To: Slide Developers Mailing List
>>Subject: ACL evaluation
>>
>>Hello,
>>
>>I have a problem trying to put permission on one resource.
>>I have understood that ACL's are evaluated from the top to the bottom.
>>But what about inherited ACL's ? Are they evaluated first ?
>>I could not find this information neither in the RFC or in the mailing
>>list. :-(
>>
>>My problem is that I have the following permissions :
>>/files/partage : deny all all inheritable
>>/files/partage/demoEsup : grant read /users/demoEsup inheritable, grant
>>write /users/demoEsup inheritable
>>
>>And the user demoEsup can not read or write in the folder
>>/files/partage/demoEsup.
>>But if I change the permission on /files/partage into :
>>/files/partage : deny write all inheritable
>>it works...
>>
>>Any idea ?
>>
>>Thank you very much
>>
>>Thomas
>>
>>
>>
>>
>>
>
>
>
>
--
+---=( Thomas Bellembois )=---+
| CRI - University of Rennes 1 - FR |
| thomas.bellembois@univ-rennes1.fr |
| +33 2 23 23 69 60 |
+-----------------------------------+
---------------------------------------------------------------------
To unsubscribe, e-mail: slide-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-dev-help@jakarta.apache.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic