Date: Fri, 19 Mar 1999 12:48:57 -0800 (PST) From: Jaye Mathisen <mrcpu@internetcds.com> To: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com> Cc: Alan Weber <aaweber@austin.rr.com>, robert+freebsd@cyrus.watson.org, freebsd-security@FreeBSD.ORG Subject: Re: ACLs was disapointing security architecture Message-ID: <Pine.BSF.4.05.9903191223310.21240-100000@schizo.cdsnet.net> In-Reply-To: <199903141742.JAA22396@gndrsh.aac.dev.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I miss my Apollo/Domain/OS boxes. They had lots of other interesting features as well, but certainly the ACL's standout as being mucho flexible and very useful... I miss my crp. On Sun, 14 Mar 1999, Rodney W. Grimes wrote: > [Trim old context] > > > > > I am not suggesting directory-only ACLs but want the file ACL to point to the > > directory ACL unless explicitly changed on a per file basis. I like the above > > scheme to reuse ACLs as one change can be efficiently propagated to a huge number > > of files versus having to fetch/update every file ACL in a directory hierarchy. > > > > Apollo/Agies and Apollo Domain/OS implemented it something like this, only > I think the ACL's where stored as seperate UUID objects and files/directories > had pointers to them. A UUID is kinda like an inode, but a lot more flexable > in what it can do. They also had a utility known as salacl (salvage acl's) > that would walk a disk volume for all acl's and find ones that had the > same values, then collapse all the pointers to a minimum set of acl's. > > In the early days of Apollo/Agies is you did not run salacl at least once > a week performance really started to suck. Latter they improved the ACL > cache code and this became less of a problem unless you where doing lots > of changes to a volumes ACL's. > > > -- > Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.aac.dev.com > Accurate Automation, Inc. Reliable computers for FreeBSD > http://www.aai.dnsmgr.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9903191223310.21240-100000>