Re: Ideas for "extended permissions" (ACLs) in GnomeVFS

[Michael Meeks <michael ximian com>]

Hi Alex,

On Wed, 2002-08-28 at 23:58, Alex Graveley wrote:
> So on thinking about this more, I really think a permissions system
> should be abstracted from gnome-vfs entirely.  We should have a generic
> rights/priveledges framework ala Windows.  

	I i magine with Windows it's not a user-level rights/priviledges
framework - but something that goes to the core of the system.

> Having a separate library could enable its use outside of gnome-vfs, and
> for things which don't closely fit with the file construct.  Things like
> bonobo/corba call-level security,

	Interesting - but how do you propose achieving this.

>  gobject instantiation

	Some gobject are not instantiable ? that's a joke - user-level
in-process 'advisory' 'security' is no security.

> gconf settings, user impersonation, system configuration,

	How do you possibly plan to stop users impersonating others - it's just
not feasible; as long as the 'user' string is included in some
wire-level protocol - it's not going to work; this is a really hard
problem to solve.

> windows SMB/NTLM integration, keyring management, etc.

	Now - doing central authentication and key management is indeed most
useful; Hallski was going to do a GEP on this, it'd be great to badger
him about that so we can get some decent requirements on 'paper'.

	In summary - now I think about it I'm completely confused about the
usefulness / role of ACLs in gnome-vfs.

	What are people hoping to achieve with new API here ? what is the
purpose of this code, and the basic requirements ?

	Regards,

		Michael.

-- 
 mmeeks gnu org  <><, Pseudo Engineer, itinerant idiot