httpd-dev mailing list archives

From Julian Reschke <julian.resc...@gmx.de>
Subject Re: Any plans for RFC3744
Date Tue, 15 Jun 2004 05:58:19 GMT
Bennett, Tony - CNF wrote:
> ...
> Also...One question I had about 3744... 
> the RFC says in the Introduction: 
> 
>    ...The "operations you can perform" are determined by a
>    single "access control list" (ACL) associated with a resource.
> 
> This seems to mirror UNIX's file mode...
> ...however, in UNIX if a parent directory prevents access, then 
> even if the file's mode allows access, the file access is prevented.
> 
> The RFC seems to say to me, the resource's mode is the single determining
> factor.  Its parent collection's mode is of no consequence.  
> 
> Am I reading this right???

Yes and no. The access rights are modeled on the resource and never are 
implicitly inherited. You *may* use inherited privileges, though (see 
<http://greenbytes.de/tech/webdav/rfc3744.html#PROPERTY_inherited-acl-set>), 
but that probably wouldn't work well here if you'd have a backend that 
allows multiple collection bindings (i.e. multiple hard links to 
folders), so the same resource (file) would appear in multiple WebDAV 
collections (folders).

On the other hand, there's nothing that prevents you from requiring a 
special "directory access" privilege on the collection identified by the 
parent of the request URI in addition to the standard DAV:* privileges 
on the leaf node.

Anyway, for questions about the spec itself you may want to address 
<mailto:acl@webdav.org> (I'm not sure all of the authors are subscribing 
to this list).

Best regards, Julian

-- 
<green/>bytes GmbH -- http://www.greenbytes.de -- tel:+492512807760
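
The two access models discussed in this thread, side by side, as an added example that is not part of the original message and not httpd or mod_dav code. The `X:traverse` privilege name, the resource ids, the principals and the sample ACLs are all constructed for illustration.

```python
import posixpath

# Constructed sample data. ACLs are keyed by resource, not by URL, because
# one resource may be bound into several collections.
ACLS = {
    "col-public":  {"alice": {"DAV:read", "X:traverse"},
                    "bob":   {"DAV:read", "X:traverse"}},
    "col-private": {"alice": {"DAV:read", "X:traverse"}},
    "file-report": {"alice": {"DAV:read"}, "bob": {"DAV:read"}},
}
# URL -> resource. Both report.txt URLs are bindings of the same file.
BINDINGS = {
    "/public": "col-public",
    "/private": "col-private",
    "/public/report.txt": "file-report",
    "/private/report.txt": "file-report",
}

def granted(principal, resource, privilege):
    """Privileges come only from the resource's own ACL; nothing is inherited."""
    return privilege in ACLS.get(resource, {}).get(principal, set())

def leaf_only(principal, url, privilege):
    """Per-resource model: the ACL on the leaf alone decides."""
    resource = BINDINGS.get(posixpath.normpath(url))
    return resource is not None and granted(principal, resource, privilege)

def with_parent_check(principal, url, privilege):
    """Leaf privilege plus the hypothetical X:traverse privilege on the
    collection that is the parent of the request URI."""
    url = posixpath.normpath(url)  # collapse ".." before picking the parent
    parent = BINDINGS.get(posixpath.dirname(url))
    if parent is None or not granted(principal, parent, "X:traverse"):
        return False  # default deny: unknown or non-traversable parent
    return leaf_only(principal, url, privilege)
```

With the parent check, bob can read the file through `/public/report.txt` but not through `/private/report.txt`, so the decision depends on which binding the request used; with the leaf-only check both URLs give the same answer.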
