From: Hungerburg <pc...@my...> - 2012-06-25 21:37:03
Hello Chris et al,

I am just lurking here most of the time. I just now realize that I miss posts by Adam Retter. Where did he go?

As the fork of 2.0 Tech Preview happened after sm landed on the trunk, it must be there, completely. Maybe you are missing a convenient interface to set these AC lists and entries? For sure, documentation is not up to implementation, I guess. http://demo.exist-db.org/exist/functions/sm is documenting at least part of the great work he did on the security of eXist db.

> As Stefaniuk Marcin notes in this thread, *<default-permissions
> collection="775" resource="775"/>*, silently does nothing. It seems
> appropriate to me that it be connected as part of 2.0 and have as its
> default the current 755 and 640 (or whatever is currently hardcoded
> currently). This works gracefully with umask support.
>
> I don't understand any loss of security in permitting such
> configurability.

This is contrary to the *NIX permissions model: in this model such default permissions are SET by umask - per user, per session, per process. In fact, the unmasked permissions for files are rw-rw-rw- and for catalogs are rwxrwxrwx. Actual permissions will result by subtracting the umask.

I do not know how strictly eXist mimics the *NIX model. If it gets close, then your question should be restated: How to set the default umask in eXist-db?

--
peter
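The umask behaviour described in this message, as an added example that is not part of the original post and is not eXist-db code: it creates a file and a directory under several umasks, each in its own subshell, and compares the resulting mode with the requested mode ANDed with the inverted umask. The function names are hypothetical; the 033 case shows the mask clearing bits rather than subtracting arithmetically.

```shell
#!/bin/sh
# Added example: effective modes of newly created files and directories
# under different umasks. Function names are hypothetical.

# Print the octal mode of a path (GNU stat, with BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# created_mode UMASK KIND -> prints the mode a newly created file|dir gets.
# The body runs in a subshell, so the umask change is scoped to that
# process and never leaks into the caller.
created_mode() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    case "$2" in
        file) : > "$tmp/new" ;;    # creation request: 666 (rw-rw-rw-)
        dir)  mkdir "$tmp/new" ;;  # creation request: 777 (rwxrwxrwx)
        *)    rm -rf "$tmp"; exit 2 ;;
    esac
    m=$(mode_of "$tmp/new")
    rm -rf "$tmp"
    printf '%s\n' "$m"
)

# predicted_mode UMASK KIND -> requested mode AND NOT umask, in octal.
predicted_mode() {
    case "$2" in
        file) base=666 ;;
        dir)  base=777 ;;
        *)    return 2 ;;
    esac
    printf '%o\n' $(( 0$base & ~0$1 & 0777 ))
}

# Constructed set of umasks; 033 is the case where arithmetic subtraction
# (666 - 033 = 633) would give the wrong answer for files.
for m in 022 002 027 077 033; do
    printf 'umask %s: file %s (predicted %s), dir %s (predicted %s)\n' \
        "$m" "$(created_mode "$m" file)" "$(predicted_mode "$m" file)" \
        "$(created_mode "$m" dir)" "$(predicted_mode "$m" dir)"
done
```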