什么是 ACL 所有者?

发布于 2024-08-21 11:55:04 字数 416 浏览 9 评论 0原文

我发现了所谓“ACL 所有者”的三种可能性:

  • 所有者是受保护的资源。这就是 EAz 的方式。
  • ACL 所有者是拥有并编辑 ACL 的用户。 (如 java.security.acl.Acl 或 POSIX ACL)
  • 用户拥有受保护的资源,并且受保护的资源拥有 ACL。因此用户间接拥有 ACL 并允许对其进行编辑。

其中一个或另一个是否存在重大缺陷?

附录:在大多数实现中,ACL 的所有者是有权更改此 ACL 的权限并拥有相应对象的用户。

I have found three possibilities for what is calls an "ACL owner" in the wild:

  • The owner is the protected resource. That's the way EAz goes.
  • The ACL owner is the user whow owns and edits the ACL. (like in java.security.acl.Acl or POSIX ACL)
  • The user owns the protected resource and the protected resource owns the ACL. So the user owns the ACL indirectly and is allowed to edit it.

Are there significant shortcomings of the one or other?

Addendum: In most implementations the owner of an ACL is the user who has the right to change the permissions of this ACL and owns the corresponding object.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

生来就爱笑 2024-08-28 11:55:04

您所询问的内容没有标准术语。

您引用的文章暗示了这一点,因为它提到了许多不同的实现,每个实现都有自己的观点。然而,它确实提到了“经典 ACL”——我觉得这个概念相当奇怪……

经典 ACL 没有“ACL 所有者”。资源有所有者,资源有属性,ACL 可能是其中的一种。将 ACL 与资源分开看待是很奇怪的。我认为这不符合人们固有的思维模式。最直观的关系是我上面所说的:资源有所有者,如果它们有ACL,这样的ACL是所有者意愿的反映,因此可以被视为属性。

“真正的答案”是,它在你自己的构造中意味着你想要它意味着什么。

RT

There is no standard nomenclature for what you're asking about.

The article you cited says that by implication as it mentions a great many disparate implementations, each with their own view. It does, however, mention "classic ACLs" - a notion I find rather curious...

Classic ACLs don't have "ACL owners". Resources have owners, and resources have attributes, of which ACLs may be one kind. It's odd to think of an ACL separate and apart from a resource. I don't think that fits any mental model that people will inherently grock. The most intuitive relationship is the one I stated above: Resources have owners and if they have ACLs, such ACLs are a reflection of the wishes of the owner(s), an may thereby be seen as attributes.

The "real answer" is that it means whatever you want it to mean, within your own constructs.

RT

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文