Suppose a per-subject access control list is used. Deleting an object in such a system is inconvenient because all changes must be made to the control lists of all subjects who did have access to the object. Suggest an alternative, less costly means of handling deletion.
What will be an ideal response?
There are many different approaches. The reason these updates need to be made is in case a txt1.txt is deleted, and a new txt1.txt is created in its place—the new txt1.txt should not inherit its predecessor’s permissions. A way to circumvent this issue is to take the following steps:
When an object is deleted, instead of deleting it from the object store, append to it a signifier to indicate that it has been deleted. If any subject atempts to access a deleted object, delete the access control entry.
When a file is created, check to see if it has a predecessor (a deleted file with the same name). If it has a predecessor, remove all of those predecessor’s permissions (by following the delete procedure explained previously). This will limit the instances of the “expensive” delete procedure by only using it in order to prevent accidental inheritance of permissions from a similarly named but since deleted file.
You might also like to view...
Which windowsproperty identifies the name by which the windowis known in a program?
a. name b. title c. label d. A window does not need to be identified in a program.
Complete the code fragment below so that it displays on the same line the first alphabetic letter in str and the last digit in str. You may assume that str contains at least one alphabetic letter and at least one digit.
``` int fst_let, last_dig; /* positions of first letter, last digit */ char str[30]; int i; printf("Enter a string> "); scanf("%s", str); ```