Re: Overiding one permission

> I want to allow the user to have all permission except deleting a file.
> How do I do this? Do I need to list out all the permission? I tried the
> policy below, but I'm still able to delete file.txt.
>
> grant {
>     permission java.security.AllPermission;
>     permission java.io.FilePermission "file.txt", "read";
> }

There is no way to express "all permissions but X" with Sun's default
security policy implementation.  You probably do not want to grant
precisely that anyway, however, because there are many permissions
that are tantamount to java.security.AllPermission-- like
RuntimePermission "setSecurityManager" or "createClassLoader", or
java.lang.reflect.ReflectPermission "suppressAccessChecks", etc.--
any of which would allow untrusted code to achieve the excluded
permission.

-- Peter

===========================================================================
To unsubscribe, send email to listserv@xxxxxxxxxxxx and include in the body
of the message "signoff RMI-USERS".  For general help, send email to
listserv@xxxxxxxxxxxx and include in the body of the message "help".

For a list of frequently asked RMI questions please refer to:
http://java.sun.com/j2se/1.3/docs/guide/rmi/faq.html

To view past RMI-USERS postings, please see:
http://archives.java.sun.com/archives/rmi-users.html