Red Hat Bugzilla – Bug 157559
New document: Access Control Lists
Last modified: 2008-01-16 00:20:09 EST
Description of problem:
This document provides a review of the concept and implementation of traditional
UNIX mode-based permissions and POSIX Access Control Lists to develop effective
access control safeguards in a instance of Fedora.
There is very limited documentation currently available on the internet for this
It is questionable whether or not to include the extended attributes(EA)
implementation within this document or submit it as another subject.
I don't see why you couldn't include EAs. Maybe the title could reflect
slightly more inclusive content, such as "File Access Control." You could
address SELinux extensions by simply pointing readers to appropriate references
such as the SELinux FAQ and, of course, any other guides with which you're
familiar. Good luck!
Ok. I will rework the layout and include ea's.
Given that a great multitude of access control schemas exist under the DAC
system, I think it would be appropriate to alter the title to "Securing
Filesystems". How does that tickle you? It is definitly more inclusive; yet
correctly encompasses all the different types of filesystem objects.
Good point. Definitly a pointer to SELinux content will be outside this projects
scope -- but needs to be included. I've quickly reviewed the current selinux
docs previously; but will need to research further the appropriate content
location of this resource.
I will attempt to get an initial draft structure completed by end of this
weekend. What do you think?
Sounds like a good plan.
BTW, I'm the author of the Fedora SELinux FAQ and the Red Hat SELinux Guide.
I'll be happy to help you sort out what is useful for your purposes. If, when
reading through them, you find anything worthy of a bugzilla, the template you
can use is linked from my people.redhat.com page:
(or use this for the bz template for the Guide: http://tinyurl.com/c2n4v)
New ACLs draft is now available:
It's been proof-read and mark XML ready. Likely to be released as part of AG at
Fedora 9 release time.
Should this be closed now?
As you say, it is in draft (rawhide) to make in the next version of the
Administration Guide, so I'm closing this as "in rawhide".