Gerhard Fiedler <lists at connectionbrazil.com> writes:

> Oliver Koltermann wrote:
>
> > If I remember correctly, the normal way it is interpreted on *nix is,
> > that directory write gives the right to create/modify the directory
> > entries, e.g. adding new files. The access of existing files is
> > determined by the file's permission. There is no specific-to-general
> > relation as you assumed.
>
> I kind of disagree with the last sentence. If you have the right to create
> new files in a directory (that is, write permission for the directory), you
> by inheritance have the right to write to the files in that directory --
> unless there is a more specific permission set on a file that prohibits you
> from writing (or vice versa). I think that's the same on *ix and WinNT type
> systems. That's the specific-to-general rule I was talking about.

You are right, I'm sorry about the incorrectness of my post. Unfortunately I
posted *before* looking into the manual again... (see later posting)

[...folder/file read, write, execute permissions...]

> Yes, and IMO it shows that this concept of changing the meaning of a
> permission depending on whether it's on a folder or on a file (like both
> *ix and Win do it) doesn't work well. I never liked that.

I agree that it's a bad sign for a clear concept that it needs a lot of
explanation and background to understand.

> I think the meaning of a permission should be independent of whether it is
> applied to a folder or to a file, and it should affect what it is supposed
> to affect independently of where it is applied to. Where it is applied to
> should only affect its propagation: applied to a folder means that it is
> propagated (by default) to files and folders in that folder; applied to a
> file means that it is only applied to that file.
>
> For example, there could be a "write" permission that allows writing to
> files. There could be an "add files" permission that allows adding files.
> The propagation rules would be the same for both; both can be applied to
> files and folders. (Of course, the "add files" permission on a file doesn't
> give you anything, as you can't add files to a file.) And their meaning
> wouldn't change when applied to a file vs. to a folder, only their way of
> propagating: having the "write" permission on a folder would only mean that
> I have the "write" permission for the files under that folder, not that I
> have the "add files" permission for that folder.

This sounds reasonable, but I can't oversee all aspects of this problem to
fill in this discussion. I understand that CVSNT's permission concept was
designed to go in the same direction as *ix and NT's one to be useable
without learning new rules.

Best regards,
O. Koltermann
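
The permission model proposed in the quoted text above ("write" and "add files" keep one meaning everywhere, and only propagate from a folder to what is under it), sketched as an added example; it is not part of the original posts and not CVSNT's implementation. The class, the paths and the default-deny fallback are assumptions made for illustration.

```python
from pathlib import PurePosixPath


class PermissionTree:
    """Hypothetical model: explicit allow/deny rules keyed by (path, permission)."""

    def __init__(self):
        self._rules = {}

    def set(self, path, perm, allowed):
        self._rules[(PurePosixPath(path), perm)] = allowed

    def effective(self, path, perm, default=False):
        # Walk from the most specific path up to the root; the first explicit
        # rule wins, so a rule on a file overrides one propagated from a folder.
        node = PurePosixPath(path)
        while True:
            if (node, perm) in self._rules:
                return self._rules[(node, perm)]
            if node == node.parent:  # reached the root without finding a rule
                return default       # assumption: deny when nothing is set
            node = node.parent

    def can_write(self, file_path):
        # "write" always means "may modify file contents", wherever it is set.
        return self.effective(file_path, "write")

    def can_add_file(self, folder_path):
        # "add files" is a separate permission; "write" never implies it.
        return self.effective(folder_path, "add_files")


def build_sample():
    """Constructed sample rules, not taken from any real repository."""
    tree = PermissionTree()
    tree.set("/repo/src", "write", True)               # propagates to files below
    tree.set("/repo/src/release.txt", "write", False)  # more specific rule wins
    tree.set("/repo/docs", "add_files", True)
    return tree


if __name__ == "__main__":
    t = build_sample()
    for p in ("/repo/src/main.c", "/repo/src/release.txt", "/repo/docs/a.txt"):
        print(p, "write:", t.can_write(p))
    for d in ("/repo/src", "/repo/docs", "/repo/docs/sub"):
        print(d, "add files:", t.can_add_file(d))
```
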