Re: R: Re: R: Enforcing attribute ACL on add operations
Howard Chu <hyc(a)symas.com> wrote:
> 2) should modrdn be fixed the same way? Other operations?
I'm not yet convinced. What's the scenario you see here?
I have the right to move users from a branch to another, but ACL
restrict some atttributes (e.g.: gidNumber) depending on the branch. A
modrdn allows me to circunvent the ACL.
That's a bit far fetched, but I wonder if some setups could benefit
from such a check.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu(a)netbsd.org