From: | Chris Browne <cbbrowne(at)acm(dot)org> |
---|---|
To: | pgsql-hackers(at)postgresql(dot)org |
Subject: | Re: pre-proposal: permissions made easier |
Date: | 2009-06-30 19:41:40 |
Message-ID: | 877hyt5x1n.fsf@dba2.int.libertyrms.com |
Lists: | pgsql-hackers |
andrew(at)dunslane(dot)net (Andrew Dunstan) writes:
> Jeff Davis wrote:
>> On Mon, 2009-06-29 at 12:55 -0400, Tom Lane wrote:
>>
>>> I think it has to be looked at in comparison to more general
>>> prospective-permissions schemes;
>>
>> When I searched google for "prospective permissions", all I found were
>> links to messages in this thread ;)
>>
>> Can you refer me to a general prospective-permissions scheme that is
>> more widely accepted? Being more widely accepted also has the benefit
>> that users will feel more comfortable with the behavior.
>>
>>
>>
>
> Think of MySQL's wildcard permissions. They apply to any object
> whether that object is created before or after the rule is set,
> AIUI. That means the wildcard pattern is applied at the time the
> permission rule is referenced, rather than when the rule is created,
> thus applying it prospectively.
>
> It's a feature many users would like to have, although, as Tom rightly
> points out, it can be a bit of a footgun if used carelessly.
I'll point out, "for posterity", that way back in yesteryear, TOPS-10
(introduced in 1967) had a "declarative permissioning" system for file
access that resembles this.
The best description I'm aware of is the following:
http://lkml.org/lkml/1999/2/5/2
A FILDAE config file for a particular user might look like the
following:

# anything in a directory named "private" is off limits
*/private/*:*:*:*:

# people in group "foo" get full (create, delete, read, write,
# execute) access to everything in the foo project directory
~/projects/foo/*:*:foo:*:cdrwx

# people playing mygame can update the high score file
~/mygame/score.dat:*:*:~/mygame/bin/mygame:rw

# some friends have access to the RCS files for mygame
~/mygame/src/RCS/*:dennis,kevin,josh:*:/usr/bin/ci:rw
~/mygame/src/RCS/*:dennis,kevin,josh:*:/usr/bin/co:rw

# I'll put stuff I want everyone to read in my ~/public directory
# I'll make the public directory 744, so no one will actually have
# to check .access_list, but I'll still put in this entry for
# completeness
~/public/*:*:*:*:r

# anything left over gets no access
*:*:*:*:
This obviously isn't notably SQL-like, but that's not the point :-).
--
"cbbrowne","@","cbbrowne.com"
http://www3.sympatico.ca/cbbrowne/lisp.html
Ubuntu is an ancient African word, meaning "can't configure Debian"
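Added example, not part of the thread or of FILDAE itself: a small Python evaluator for rules in the format quoted above. It assumes the field layout path:users:groups:program:perms, first-match-wins ordering, and "~" expanding to the file owner's home; it illustrates the prospective behaviour Andrew describes, since each glob is matched against the path at access time, so a file created after the rules were written is covered without touching the rules.

```python
import fnmatch
from dataclasses import dataclass

# Constructed sample in the FILDAE-style format quoted above.
# Field layout assumed: path:users:groups:program:perms
# ("*" matches anything; an empty perms field grants nothing).
SAMPLE_RULES = """\
# anything in a directory named "private" is off limits
*/private/*:*:*:*:
# group "foo" gets full access to the foo project directory
~/projects/foo/*:*:foo:*:cdrwx
# only the game binary may update the high score file
~/mygame/score.dat:*:*:~/mygame/bin/mygame:rw
~/public/*:*:*:*:r
# anything left over gets no access
*:*:*:*:
"""

@dataclass
class Rule:
    path: str       # glob pattern, evaluated at access time
    users: set
    groups: set
    program: str    # "*" or one specific accessing program
    perms: set

def parse_rules(text, home="/home/alice"):
    """Parse FILDAE-style lines; '~' is expanded to the owner's home (assumed)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, users, groups, program, perms = line.split(":", 4)
        rules.append(Rule(path.replace("~", home, 1),
                          set(users.split(",")), set(groups.split(",")),
                          program.replace("~", home, 1), set(perms)))
    return rules

def _allows(field, value):
    return "*" in field or value in field

def check_access(rules, path, user, groups, program):
    """First matching rule wins (assumed); returns its permission set.
    The glob is matched against the path now, at check time, so files
    created after the rules were written are covered automatically."""
    for r in rules:
        if (fnmatch.fnmatchcase(path, r.path) and _allows(r.users, user)
                and any(_allows(r.groups, g) for g in groups)
                and (r.program == "*" or program == r.program)):
            return r.perms
    return set()
```

Note that the deny rule for "private" directories only wins because it is listed first; the same footgun Tom mentions applies if a broad grant is placed above it.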