Bug 157559

Summary: New document: Access Control Lists
Product: [Fedora] Fedora Documentation Reporter: Thomas Jones <admin>
Component: docs-requestsAssignee: Karsten Wade <kwade>
Status: CLOSED RAWHIDE QA Contact: Paul W. Frields <stickster>
Severity: medium Docs Contact:
Priority: medium    
Version: develCC: vnk
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-01-16 05:20:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 129807    

Description Thomas Jones 2005-05-12 17:59:38 UTC 
Description of problem:

This document provides a review of the concept and implementation of traditional
UNIX mode-based permissions and POSIX Access Control Lists to develop effective
access control safeguards in a instance of Fedora.

There is very limited documentation currently available on the internet for this
topic.

It is questionable whether or not to include the extended attributes(EA)
implementation within this document or submit it as another subject.
Comment 1 Paul W. Frields 2005-05-12 18:33:57 UTC 
I don't see why you couldn't include EAs.  Maybe the title could reflect
slightly more inclusive content, such as "File Access Control."  You could
address SELinux extensions by simply pointing readers to appropriate references
such as the SELinux FAQ and, of course, any other guides with which you're
familiar.  Good luck!
Comment 2 Thomas Jones 2005-05-13 02:01:42 UTC 
Ok. I will rework the layout and include ea's. 

Given that a great multitude of access control schemas exist under the DAC
system, I think it would be appropriate to alter the title to "Securing
Filesystems". How does that tickle you? It is definitly more inclusive; yet
correctly encompasses all the different types of filesystem objects.

Good point. Definitly a pointer to SELinux content will be outside this projects
scope -- but needs to be included. I've quickly reviewed the current selinux
docs previously; but will need to research further the appropriate content
location of this resource.

I will attempt to get an initial draft structure completed by end of this
weekend. What do you think?
Comment 3 Karsten Wade 2005-05-13 19:46:42 UTC 
Sounds like a good plan.

BTW, I'm the author of the Fedora SELinux FAQ and the Red Hat SELinux Guide. 
I'll be happy to help you sort out what is useful for your purposes.  If, when
reading through them, you find anything worthy of a bugzilla, the template you
can use is linked from my people.redhat.com page:

http://fedora.redhat.com/docs/selinux-faq-fc3/
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/
http://people.redhat.com/kwade/
(or use this for the bz template for the Guide: http://tinyurl.com/c2n4v)

Thanks!
Comment 4 Vladimir Kosovac 2008-01-16 03:10:44 UTC 
New ACLs draft is now available:

https://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/AccessControlLists

It's been proof-read and mark XML ready. Likely to be released as part of AG at
Fedora 9 release time.

Should this be closed now?
Comment 5 Karsten Wade 2008-01-16 05:20:09 UTC 
As you say, it is in draft (rawhide) to make in the next version of the
Administration Guide, so I'm closing this as "in rawhide".