For each program, we must be able to give a permission set. We
gather programs into equivalence classes of
. Thanks
to the canonical bijection between and
, which
maps to
, this amounts to giving
to each element of a permission set.
This permission set is a subset of , which can be made by selecting
rows in the table in section .
We saw in section that we can also reduce the number
of rows of the table using the underlying structure of the filesystem
hierarchy.
We will carry on with the example of the figure , where
.
Let's define 's graph, for example, as follows:
This leads to figures , and
.
Figure:
From
to the equivalence classes of
.
Figure:
From
to the equivalence classes of
.
Figure:
From
to the equivalence classes of
.
When /usr/bin/vi is exec'd, it is given (in addition to its inherited
capabilities) the capabilities given by
If it wants to access, say, /etc/fstab, the following operations are
done:
Now that we obtained
, we can carry on:
Biondi Philippe
2000-12-15