[rsbac] "add inherited" file flag confusion

Chirag P searchformehere at yahoo.com
Sat Jul 12 12:19:39 MEST 2003


Hi all,
One of the valid file flags that I can assign to an
object is "add inherited"
From the FF models discussion:
"The add_inherited flag is special: If set, the parent
dir's flags are added (or'd) to the target's own
flags.  Inheritance is on by default."

I guess I am struggling with 
1.  How to correctly use this flag and the uses of
this flag?
2.  Advantages of this flag (or removing this flag,
since it is on by default)?  

For example if I have the following directory
structure: 
grandparent_dir/parent_a/child_a
grandparent_dir/parent_b/child_b

and if I assign the following flags

grandparent_dir = secure_delete
parent_a = add_inheritance, no_execute
child_a = add_inheritance

child_a's effective flags become secure_delete, no
execute

parent_b = write_only <no add_inheritance>
child_b = add_inheritance

child_b's effective flags become write_only (it lost
secure_delete from its grandparent).

Am I understanding this wrong?  Are there any cases
where we might need to remove the "add_inherited" flag
from a file or dir?  
Is this just a way of providing "more" fine granular
control, if one really needs it?

Thanks!
--Chirag
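
The rule quoted in the post, modelled on the post's directory tree as an added example; it is not part of the original message and is not RSBAC's own code. It assumes the OR is applied recursively up the tree and stops at the first object that lacks add_inherited, which is the reading the post describes. The bit values and the `effective_flags` helper are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Bit values are constructed for this example, not taken from RSBAC headers. */
enum {
    FF_WRITE_ONLY    = 1u << 0,
    FF_SECURE_DELETE = 1u << 1,
    FF_NO_EXECUTE    = 1u << 2,
    FF_ADD_INHERITED = 1u << 3
};

struct node {
    const char *name;
    unsigned flags;            /* flags set directly on the object */
    const struct node *parent; /* NULL at the top of the tree */
};

/* Walk upward, OR-ing in each ancestor's flags, for as long as the
 * current object carries add_inherited. The first object without it
 * ends the chain, so nothing above that point is seen (assumed model). */
unsigned effective_flags(const struct node *n)
{
    unsigned eff = 0;
    for (; n != NULL; n = n->parent) {
        eff |= n->flags;
        if (!(n->flags & FF_ADD_INHERITED))
            break;
    }
    /* Report only the restricting flags, not the inheritance marker. */
    return eff & ~(unsigned)FF_ADD_INHERITED;
}

/* The tree and flag assignments from the post. */
const struct node grandparent = { "grandparent_dir", FF_SECURE_DELETE, NULL };
const struct node parent_a = { "parent_a", FF_ADD_INHERITED | FF_NO_EXECUTE, &grandparent };
const struct node child_a  = { "child_a",  FF_ADD_INHERITED, &parent_a };
const struct node parent_b = { "parent_b", FF_WRITE_ONLY, &grandparent };
const struct node child_b  = { "child_b",  FF_ADD_INHERITED, &parent_b };

int main(void)
{
    printf("child_a: 0x%x\n", effective_flags(&child_a));
    printf("child_b: 0x%x\n", effective_flags(&child_b));
    return 0;
}
```

Under this model a directory without add_inherited acts as a cut-off point: restrictions set above it do not reach anything below it.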



