Bug 157559 - New document: Access Control Lists
New document: Access Control Lists
Product: Fedora Documentation
Classification: Fedora
Component: docs-requests (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Karsten Wade
Paul W. Frields
: FutureFeature
Depends On:
Blocks: fedora-docs-writing
  Show dependency treegraph
Reported: 2005-05-12 13:59 EDT by Thomas Jones
Modified: 2008-01-16 00:20 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-16 00:20:09 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Thomas Jones 2005-05-12 13:59:38 EDT
Description of problem:

This document provides a review of the concept and implementation of traditional
UNIX mode-based permissions and POSIX Access Control Lists to develop effective
access control safeguards in a instance of Fedora.

There is very limited documentation currently available on the internet for this

It is questionable whether or not to include the extended attributes(EA)
implementation within this document or submit it as another subject.
Comment 1 Paul W. Frields 2005-05-12 14:33:57 EDT
I don't see why you couldn't include EAs.  Maybe the title could reflect
slightly more inclusive content, such as "File Access Control."  You could
address SELinux extensions by simply pointing readers to appropriate references
such as the SELinux FAQ and, of course, any other guides with which you're
familiar.  Good luck!
Comment 2 Thomas Jones 2005-05-12 22:01:42 EDT
Ok. I will rework the layout and include ea's. 

Given that a great multitude of access control schemas exist under the DAC
system, I think it would be appropriate to alter the title to "Securing
Filesystems". How does that tickle you? It is definitly more inclusive; yet
correctly encompasses all the different types of filesystem objects.

Good point. Definitly a pointer to SELinux content will be outside this projects
scope -- but needs to be included. I've quickly reviewed the current selinux
docs previously; but will need to research further the appropriate content
location of this resource.

I will attempt to get an initial draft structure completed by end of this
weekend. What do you think?
Comment 3 Karsten Wade 2005-05-13 15:46:42 EDT
Sounds like a good plan.

BTW, I'm the author of the Fedora SELinux FAQ and the Red Hat SELinux Guide. 
I'll be happy to help you sort out what is useful for your purposes.  If, when
reading through them, you find anything worthy of a bugzilla, the template you
can use is linked from my people.redhat.com page:

(or use this for the bz template for the Guide: http://tinyurl.com/c2n4v)

Comment 4 Vladimir Kosovac 2008-01-15 22:10:44 EST
New ACLs draft is now available:


It's been proof-read and mark XML ready. Likely to be released as part of AG at
Fedora 9 release time.

Should this be closed now?
Comment 5 Karsten Wade 2008-01-16 00:20:09 EST
As you say, it is in draft (rawhide) to make in the next version of the
Administration Guide, so I'm closing this as "in rawhide".

Note You need to log in before you can comment on or make changes to this bug.