Access control lists

As with so many fancy systems, DomTool has its own notion of access control lists, covering the resources it controls. The ACL data is serialized to $DOMTOOL/acl, though the various DomTool tools usually work with it through in-memory data structures, which they populate by reading initial values from that file.

There's nothing novel or surprising about ACLs in DomTool. The ACL is essentially a set of user/class/value triples. Users are DomTool principals, as discussed in the last section. Classes include things like domain configuration rights, rights to run programs as particular UNIX users, and rights to use particular filesystem paths. Values are class-specific capabilities, like the name of a domain that the user may configure.

1. Standard ACL classes