> From: cvsnt-bounces at cvsnt.org
> [mailto:cvsnt-bounces at cvsnt.org] On Behalf Of Gerhard Fiedler
> Sent: Friday, 28 April, 2006 11:01
>
> Oliver Koltermann wrote:
>
> > If I remember correctly, the normal way it is interpreted on *nix is,
> > that directory write gives the right to create/modify the directory
> > entries, e.g. adding new files. The access of existing files is
> > determined by the files permission. There is no specific-to-general
> > relation as you assumed.
>
> I kind of disagree with the last sentence. If you have the right to create
> new files in a directory (that is, write permission for the directory), you
> by inheritance have the right to write to the files in that directory --
> unless there is a more specific permission set on a file that prohibits you
> from writing (or vice versa). I think that's the same on *ix and WinNT type
> systems. That's the specific-to-general rule I was talking about.

Not for traditional Unix filesystem permissions. Those have no inheritance mechanism at all (except for the very limited "sticky bit" special case for directories).

Traditional Unix filesystem permissions cannot be omitted; a given user does or does not have a permission to perform a given action.

For any given user and any given filesystem object in a traditional Unix permissions model, exactly one of the {owner, group, other} mode bit vectors will apply. That vector then determines which types of access are allowed. Each type of access (write, read, and execute/traverse) is a bit, so the only options are "granted" or "denied".

-- 
Michael Wojcik
Principal Software Systems Developer, Micro Focus
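The class-selection rule discussed in this thread, modelled as an added example (not part of the original messages). The `Obj` tuple, the uid/gid numbers and the modes are constructed for illustration; root override, ACLs and the sticky bit are not modelled.

```python
import stat
from collections import namedtuple

# Constructed stand-in for the struct stat fields the kernel consults.
Obj = namedtuple("Obj", "uid gid mode")
BIT = {"r": 4, "w": 2, "x": 1}

def applicable_class(obj, uid, gids):
    """Select the single mode-bit vector for this user: first match wins."""
    if uid == obj.uid:
        return "owner"
    if obj.gid in gids:
        return "group"
    return "other"

def allowed(obj, uid, gids, want):
    """True if every access type in `want` (subset of 'rwx') is granted.
    Only the one applicable vector is consulted; nothing is inherited."""
    shift = {"owner": 6, "group": 3, "other": 0}[applicable_class(obj, uid, gids)]
    granted = (stat.S_IMODE(obj.mode) >> shift) & 0o7
    need = sum(BIT[c] for c in set(want))
    return granted & need == need

# Constructed sample: alice (uid 1000) owns both objects, group dev (gid 50).
ALICE, BOB, DEV = 1000, 1001, 50
project_dir = Obj(ALICE, DEV, stat.S_IFDIR | 0o775)
source_file = Obj(ALICE, DEV, stat.S_IFREG | 0o644)
odd_file = Obj(ALICE, DEV, stat.S_IFREG | 0o066)

def demo():
    return {
        # bob may add/remove directory entries (needs w and x on the directory)
        "bob_modify_dir_entries": allowed(project_dir, BOB, {DEV}, "wx"),
        # ...yet the file's own group vector (r--) denies him write access
        "bob_write_file": allowed(source_file, BOB, {DEV}, "w"),
        # owner vector is ---, so alice is denied although group/other get rw-
        "alice_write_odd_file": allowed(odd_file, ALICE, {DEV}, "w"),
        "bob_write_odd_file": allowed(odd_file, BOB, {DEV}, "w"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {'granted' if result else 'denied'}")
```

Write access to the directory lets bob unlink or replace `source_file` as a directory entry, which is a change to the directory and not a write to the file's contents.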