[kwlug-disc] Access rights to file/folder

unsolicited unsolicited at swiz.ca
Thu Jul 29 22:45:40 EDT 2010


John Van Ostrand wrote, On 07/29/2010 10:27 AM:
> ----- Original Message -----
>> Speaking of LDAP, how do ACLs fit into the Linux LDAP world?
>> 
> 
> For security LDAP provides two basic things: authentication and
> user information. In Linux these are two separate configurations
> that are not dependent on one another. Authentication is handled by
> the /etc/pam.d configuration files and user information is handled
> by /etc/nsswitch.conf configuration. The libraries (pam and nss)
> behind these config files do all the work.
> 
> So as far as ACLs go, LDAP provides the user and group names (so
> the ACLs show names instead of IDs) and it provides the list of
> group IDs for a user so the kernel can determine what access rights
> a user has.
> 
> There isn't anything really magical about LDAP. For the purpose of
> ACLs think of it like a shared copy of /etc/passwd, /etc/group and
> /etc/shadow.

I guess what I was thinking of was LDAP (utilities?) providing the 
tree structure GUI to groups and groups of groups, making it easier, 
or more visual, to maintain the back end (permissions combinations 
/ holder list) 'database'. [I know I'm not saying that very well.]
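
The division of labour described in the quoted reply, as an added example that is not part of the original thread: the directory only maps names to numeric IDs and lists group memberships, and the access decision is then made on those numbers. It is a simplified model of the POSIX ACL check order (no root or capability handling). The PASSWD and GROUP tables, the sample ACLs and all function names are constructed for illustration.

```python
# Constructed stand-ins for the passwd and group maps that NSS serves,
# whether from local files or from LDAP. All names and IDs are made up.
PASSWD = {"alice": (1001, 100), "bob": (1002, 100),
          "carol": (1003, 100), "dave": (1004, 100)}   # name -> (uid, primary gid)
GROUP = {"users": (100, []), "finance": (2001, ["alice"]),
         "audit": (2002, ["bob", "carol"])}            # name -> (gid, members)

def credentials(user):
    """What the directory contributes: a uid and the full set of gids."""
    uid, primary = PASSWD[user]
    return uid, {primary} | {g for g, members in GROUP.values() if user in members}

def parse_acl(text):
    """Turn getfacl-style entries into (tag, numeric id or None, perms)."""
    entries = []
    for entry in text.split():
        tag, name, perms = entry.split(":")
        ident = None
        if name:  # names exist only for display; the check uses numbers
            ident = PASSWD[name][0] if tag == "user" else GROUP[name][0]
        entries.append((tag, ident, set(perms) - {"-"}))
    return entries

def allowed(user, want, acl, owner_uid, owner_gid):
    """POSIX ACL check order: owner, named user, groups, then other."""
    uid, gids = credentials(user)
    pick = lambda tag, ident=None: [p for t, i, p in acl if t == tag and i == ident]
    mask = (pick("mask") or [set("rwx")])[0]
    if uid == owner_uid:
        return want in pick("user")[0]           # owner entry ignores the mask
    if pick("user", uid):
        return want in pick("user", uid)[0] & mask
    matched = [p for t, i, p in acl if t == "group"
               and (i in gids or (i is None and owner_gid in gids))]
    if matched:                                   # any matching group may grant
        return any(want in p & mask for p in matched)
    return want in pick("other")[0]

# Constructed ACLs for a file owned by carol (uid 1003), group audit (gid 2002).
SAMPLE = parse_acl("user::rw- user:bob:r-- group::rw- group:finance:rw- "
                   "mask::rw- other::---")
TIGHT = parse_acl("user::rw- user:bob:r-- group::rw- group:finance:rw- "
                  "mask::r-- other::---")
```

Note that bob is a member of the owning group but is still limited to read access, because a named user entry is consulted before any group entry.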


