[rsbac] "add inherited" file flag confusion

Chirag P searchformehere at yahoo.com
Sat Jul 12 12:19:39 MEST 2003

Hi all,
One of the valid file flags that I can assign to an
object is "add inherited"
>From the FF models discussion:
"The add_inherited flag is special: If set, the parent
dir's flags are added (or'd) to the target's own
flags.  Inheritance is on by default."

I guess I am struggling with 
1.  How to correctly use this flag and the uses of
this flag?
2.  Advantages of this flag (or removing this flag,
since it is on by default)?  

For example if I have the following directory

and if I assign the following flags

grandparent_dir = secure_delete
parent_a = add_inheritance, no_execute
child_a = add_inheritance

child_a's effective flags become secure_delete, no

parent_b = write_only <no add_inheritance>
child_b = add_inheritance

child_b's effective flags become write_only (it lost
secure_delete from it's grandparent).

Am I understanding this wrong?  Are there any cases
where we might need to remove the "add_inherited" flag
from a file or dir?  
Is this just a way of providing "more" fine granular
control, if one really needs it?


Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!

More information about the rsbac mailing list