Path: utzoo!attcan!uunet!lll-winken!lll-tis!helios.ee.lbl.gov!pasteur!ucbvax!VLSI.JPL.NASA.GOV!tencati
From: tencati@VLSI.JPL.NASA.GOV (PLS REPLY TO TENCATI@GPVAX.JPL.NASA.GOV)
Newsgroups: comp.os.vms
Subject: ACL behavior
Message-ID: <880714082403.3956@VLSI.JPL.NASA.GOV>
Date: 14 Jul 88 15:24:03 GMT
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 34

I just heard a disturbing rumor. If true, it explains why a lot of people are confused about WHEN an ACL is checked.

The rumor is that if you have an ACE that reads:

    (Identifier=Something,Access=None)

the NONE qualifier does NOT mean "deny access"; it merely instructs the filesystem to stop processing the ACL and proceed on to check the file protection mask.

This means that if I have a file protected with the mask (s:rwed,o:rwed,g:re,w:r), no ACL is going to prevent access to this file, and in order for the ACL to behave in the "expected" manner, the file must first be locked down with the UIC-based protection.

The thing I find disturbing about this is that I was under the (mistaken?) opinion that if you said ACCESS=NONE in an ACE, you were instructing the filesystem to DENY access to the file, when instead the file should be given the most extreme UIC-based protection mask, and the ACE is used only to GRANT access to the file (..guess that's why it's called an "Access" Control Entry, huh?..).

Anyway, this explains why some people are confused about when the ACL is checked. If your UIC-based protection would allow access, then the ACL is going to be ineffective, and it would appear that it was not "consulted" during a file access you thought should have failed.

Can anyone confirm or deny the rumor that "Access=None" does not mean "DENY access"?

Ron Tencati
Jet Propulsion Laboratory
Pasadena, Ca. 91109
TENCATI@GPVAX.JPL.NASA.GOV
JPLGP::TENCATI (SPAN)
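The evaluation order the post describes (first matching ACE wins; an ACE that does not grant the requested access falls through to the UIC-based protection mask) can be modelled so its consequence is checked on sample data. The block below is an added example, not part of the original post and not OpenVMS code; it does not claim to reproduce any VMS version's actual algorithm, only the ordering described above. The protection-mask syntax (s:rwed,o:rwed,g:re,w:r) and ACE syntax (Identifier=...,Access=...) follow the post; the identifier names CONTRACTORS and PAYROLL, the `check_access` helper and its arguments are assumptions made for the illustration.

```python
"""Model of the ACL-then-protection-mask ordering described in the post.

Added illustration only: it implements the rumored ordering (first matching
ACE ends ACL processing; if that ACE does not grant the requested access, the
UIC-based mask is consulted) so that the effect of Access=None can be tested.
It is not OpenVMS code and makes no claim about any real VMS release.
"""

CATEGORIES = ("s", "o", "g", "w")   # system, owner, group, world
ACCESS_BITS = frozenset("rwed")      # read, write, execute, delete


def parse_protection(mask):
    """Parse 's:rwed,o:rwed,g:re,w:r' into {'s': {'r','w','e','d'}, ...}.

    A field with no bits (e.g. 'g' or 'g:') means that category gets nothing.
    """
    prot = {c: set() for c in CATEGORIES}
    for field in mask.lower().split(","):
        cat, _, bits = field.strip().partition(":")
        if cat not in prot or not set(bits) <= ACCESS_BITS:
            raise ValueError("bad protection field: %r" % field)
        prot[cat] = set(bits)
    return prot


def parse_ace(ace):
    """Parse '(identifier=payroll,access=read+write)' -> ('PAYROLL', {'r','w'}).

    'access=none' yields an empty set: the ACE matches but grants nothing.
    """
    body = ace.strip().strip("()")
    ident, access = None, set()
    for part in body.split(","):
        key, _, val = part.strip().partition("=")
        key = key.strip().lower()
        if key == "identifier":
            ident = val.strip().upper()
        elif key == "access":
            for word in val.split("+"):
                word = word.strip().lower()
                if word == "none":
                    continue
                if not word or word[0] not in ACCESS_BITS:
                    raise ValueError("bad access keyword: %r" % word)
                access.add(word[0])
    if ident is None:
        raise ValueError("ACE without identifier: %r" % ace)
    return ident, access


def check_access(acl, mask, held_identifiers, uic_category, requested):
    """Return (granted, reason) for one access request under the rumored ordering.

    acl:              list of ACE strings, in order
    mask:             UIC-based protection string, e.g. 's:rwed,o:rwed,g:re,w:r'
    held_identifiers: identifiers the requesting process holds (assumed names)
    uic_category:     which mask field applies to the requester: 's','o','g','w'
    requested:        one of 'r','w','e','d'
    """
    prot = parse_protection(mask)
    held = {i.upper() for i in held_identifiers}
    for ace in acl:
        ident, access = parse_ace(ace)
        if ident in held:
            if requested in access:
                return True, "granted by ACE %s" % ace
            break  # first match ends ACL processing; Access=None falls through
    if requested in prot[uic_category]:
        return True, "granted by protection mask field %s" % uic_category
    return False, "denied"


if __name__ == "__main__":
    # Constructed sample: a group member who also holds the CONTRACTORS identifier.
    deny_ace = ["(Identifier=CONTRACTORS,Access=None)"]
    open_mask = "s:rwed,o:rwed,g:re,w:r"   # the mask from the post
    locked_mask = "s:rwed,o:rwed,g,w"      # group and world get nothing
    print(check_access(deny_ace, open_mask, ["CONTRACTORS"], "g", "r"))
    print(check_access(deny_ace, locked_mask, ["CONTRACTORS"], "g", "r"))
    grant_ace = ["(Identifier=PAYROLL,Access=Read+Write)"]
    print(check_access(grant_ace, locked_mask, ["PAYROLL"], "w", "w"))
```

Under this ordering the first call is granted by the mask's group field even though a matching Access=None ACE was found, the second is denied once the mask is locked down, and the third shows the pattern the post arrives at: lock the mask and let ACEs grant.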