Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 157559 - New document: Access Control Lists
Summary: New document: Access Control Lists
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora Documentation
Classification: Fedora
Component: docs-requests
Version: devel
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Karsten Wade
QA Contact: Paul W. Frields
URL:
Whiteboard:
Depends On:
Blocks: fedora-docs-writing
TreeView+ depends on / blocked
 
Reported: 2005-05-12 17:59 UTC by Thomas Jones
Modified: 2008-01-16 05:20 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-16 05:20:09 UTC


Attachments (Terms of Use)

Description Thomas Jones 2005-05-12 17:59:38 UTC
Description of problem:

This document provides a review of the concept and implementation of traditional
UNIX mode-based permissions and POSIX Access Control Lists to develop effective
access control safeguards in a instance of Fedora.

There is very limited documentation currently available on the internet for this
topic.

It is questionable whether or not to include the extended attributes(EA)
implementation within this document or submit it as another subject.

Comment 1 Paul W. Frields 2005-05-12 18:33:57 UTC
I don't see why you couldn't include EAs.  Maybe the title could reflect
slightly more inclusive content, such as "File Access Control."  You could
address SELinux extensions by simply pointing readers to appropriate references
such as the SELinux FAQ and, of course, any other guides with which you're
familiar.  Good luck!

Comment 2 Thomas Jones 2005-05-13 02:01:42 UTC
Ok. I will rework the layout and include ea's. 

Given that a great multitude of access control schemas exist under the DAC
system, I think it would be appropriate to alter the title to "Securing
Filesystems". How does that tickle you? It is definitly more inclusive; yet
correctly encompasses all the different types of filesystem objects.

Good point. Definitly a pointer to SELinux content will be outside this projects
scope -- but needs to be included. I've quickly reviewed the current selinux
docs previously; but will need to research further the appropriate content
location of this resource.

I will attempt to get an initial draft structure completed by end of this
weekend. What do you think?

Comment 3 Karsten Wade 2005-05-13 19:46:42 UTC
Sounds like a good plan.

BTW, I'm the author of the Fedora SELinux FAQ and the Red Hat SELinux Guide. 
I'll be happy to help you sort out what is useful for your purposes.  If, when
reading through them, you find anything worthy of a bugzilla, the template you
can use is linked from my people.redhat.com page:

http://fedora.redhat.com/docs/selinux-faq-fc3/
http://www.redhat.com/docs/manuals/enterprise/RHEL-4-Manual/selinux-guide/
http://people.redhat.com/kwade/
(or use this for the bz template for the Guide: http://tinyurl.com/c2n4v)

Thanks!

Comment 4 Vladimir Kosovac 2008-01-16 03:10:44 UTC
New ACLs draft is now available:

https://fedoraproject.org/wiki/Docs/Drafts/AdministrationGuide/AccessControlLists

It's been proof-read and mark XML ready. Likely to be released as part of AG at
Fedora 9 release time.

Should this be closed now?

Comment 5 Karsten Wade 2008-01-16 05:20:09 UTC
As you say, it is in draft (rawhide) to make in the next version of the
Administration Guide, so I'm closing this as "in rawhide".




Note You need to log in before you can comment on or make changes to this bug.