Application Considerations




The POSIX.6 standard specifies interfaces and commands for the permission bit mechanism, and there exists a large pool of portable applications that use these interfaces and commands. This implies that backward compatibility with applications that use the permission bit mechanism is necessary, even when the systems using these applications implement the access control list mechanism.

The two DAC mechanisms (the ACL mechanism and the permission bit mechanism) may exist on the same system, and the system can still be POSIX.6 DAC compliant. Great effort was made to ensure that the two mechanisms work together when they have to. When possible, interfaces normally used for the permission bit mechanism (i.e., chmod() and stat()) will work with the access control list, and the interfaces intended for the access control list will work with the permission bit mechanism. However, if the result of an interface has the potential to grant more access than intended, the call will most likely fail. Crossing calls between the two mechanisms may not produce the expected result, but the result will never be less restrictive than intended.
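The following added example is not part of the original page or of the POSIX.6 text. It is a small Python model of how a legacy chmod()/stat() caller interacts with an ACL, assuming the mask rule of the later POSIX.1e draft 17 as implemented on Linux. Whether the draft discussed here behaves identically is an assumption, and the class name, uids, gids and permissions are constructed.

```python
# Simplified model of POSIX.1e draft 17 style ACL evaluation (assumed semantics).
# Not real syscalls; the class name, uids, gids and permissions are constructed.
from functools import reduce
R, W, X = 4, 2, 1

class AclFile:
    def __init__(self, owner, group, user_obj, group_obj, other,
                 named_users=None, named_groups=None):
        self.owner, self.group = owner, group
        self.user_obj, self.group_obj, self.other = user_obj, group_obj, other
        self.named_users = dict(named_users or {})
        self.named_groups = dict(named_groups or {})
        named = [*self.named_users.values(), *self.named_groups.values()]
        # The mask exists only alongside named entries; it starts as their union with group_obj.
        self.mask = reduce(lambda a, b: a | b, named, group_obj) if named else None

    def stat_mode(self):
        """Permission bits a legacy stat() caller sees (group bits show the mask)."""
        group_bits = self.group_obj if self.mask is None else self.mask
        return (self.user_obj << 6) | (group_bits << 3) | self.other

    def chmod(self, mode):
        """Legacy chmod(): with an ACL present, the group bits set the mask."""
        self.user_obj, self.other = (mode >> 6) & 7, mode & 7
        if self.mask is None:
            self.group_obj = (mode >> 3) & 7
        else:
            self.mask = (mode >> 3) & 7

    def allowed(self, uid, gids, want):
        """True if uid (a member of gids) is granted every bit in want."""
        cap = 7 if self.mask is None else self.mask
        if uid == self.owner:
            return (self.user_obj & want) == want
        if uid in self.named_users:
            return (self.named_users[uid] & cap & want) == want
        entries = [self.group_obj] if self.group in gids else []
        entries += [p for g, p in self.named_groups.items() if g in gids]
        if entries:  # a group entry matched, so 'other' is never consulted
            return any((p & cap & want) == want for p in entries)
        return (self.other & want) == want

def demo():
    f = AclFile(1000, 100, R | W, R, 0, named_users={2000: R | W})
    before = (f.stat_mode(), f.allowed(2000, [], W))
    f.chmod(0o640)  # legacy application drops group write
    after = (f.stat_mode(), f.allowed(2000, [], W), f.allowed(2000, [], R))
    f.chmod(0o670)  # legacy application asks for group rwx
    return before, after, f.allowed(3000, [100], W)
```

In this model a chmod() that removes group write also removes it from the named user, and a chmod() that asks for group rwx still leaves the owning group capped at its own ACL entry, so the crossed call surprises the caller only in the restrictive direction.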



John Barkley
Fri Oct 7 16:17:21 EDT 1994