Re: Ideas for "extended permissions" (ACLs) in GnomeVFS

[Alex Graveley <alex ximian com>]

Hi,

So on thinking about this more, I really think a permissions system
should be abstracted from gnome-vfs entirely.  We should have a generic
rights/priveledges framework ala Windows.  

Having a separate library could enable its use outside of gnome-vfs, and
for things which don't closely fit with the file construct.  Things like
bonobo/corba call-level security, gobject instantiation, gconf settings,
user impersonation, system configuration, windows SMB/NTLM integration,
keyring management, etc.

-Alex

On Wed, 2002-08-28 at 18:38, Nils Philippsen wrote:
> Hi all,
> 
> I haven't been able to code much in the last time, but I've had some
> ideas about how to handle "extended permissions" in GnomeVFS:
> 
> - Besides what we already have, we need classes for volumes/filesystems
> (but "Posix", "Posix+ACLs" instead of "ext2", "reiser", ...),
> permissions and principals (users and groups)
> - The permission type is a property of the volume/filesystem and maybe
> the file type (file<->dir (AFS))
> - The principal types are a property of the volume/filesystem
> - We would need to determine the volume/FS a URI lies on, that gives the
> permission type and possibly lists of users and groups in that context
> 
> Anyway, it's late. I have put up a very rough "class diagram" on
> http://people.redhat.com/gnome-vfs-permissions for your viewing pleasure
> (DIA and PNG). Feel free to discuss, rip to shreds, whatever.
> 
> Nils
> -- 
> Nils Philippsen / Berliner Straße 39 / D-71229 Leonberg //
> +49.7152.209647
>    nils wombat dialup fht-esslingen de / nils redhat de / nils lisas de
>    PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011
>        Ever noticed that common sense isn't really all that common?
-- 
 on the canvass of life, incompetence is my paintbrush.