Shared address space and trust and what is a "user" [Re: Our

Alaric B. Williams
Sun, 11 May 1997 17:25:32 +0000

> I tend to think of ACLs as something attached to objects and only
> referencing identities, rather than the other way around.  Thus an ACL in
> the Andrew File System is attached to a directory and specifies who may
> access that directory; it's not something attached to the user and listing
> what directories they may access.

Yup; I looked at it the other way round "just for completeness" :-)
> I think both are worthwhile in certain contexts:  ACLs are good for
> determining what is visible to a given identity, and PLs are good for
> determining what that identity can do.

But is seeing something not an action an identity can do?

IE, the directory requests you to identify yourself, and then compares
your privs with those needed for each file. I'm not sure how speed would
tradeoff either way, though...

Alaric B. Williams (

   ---<## OpenDOS FAQ ##>---

Plain HTML:

Fancy HTML: