From owner-freebsd-security Fri Mar 19 12:49:59 1999 Delivered-To: freebsd-security@freebsd.org Received: from mail-01.cdsnet.net (mail-01.cdsnet.net [206.107.16.35]) by hub.freebsd.org (Postfix) with SMTP id 3F93B15186 for ; Fri, 19 Mar 1999 12:49:42 -0800 (PST) (envelope-from mrcpu@internetcds.com) Received: (qmail 20454 invoked from network); 19 Mar 1999 20:49:23 -0000 Received: from schizo.cdsnet.net (204.118.244.32) by mail.cdsnet.net with SMTP; 19 Mar 1999 20:49:23 -0000 Date: Fri, 19 Mar 1999 12:48:57 -0800 (PST) From: Jaye Mathisen X-Sender: mrcpu@schizo.cdsnet.net To: "Rodney W. Grimes" Cc: Alan Weber , robert+freebsd@cyrus.watson.org, freebsd-security@FreeBSD.ORG Subject: Re: ACLs was disapointing security architecture In-Reply-To: <199903141742.JAA22396@gndrsh.aac.dev.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I miss my Apollo/Domain/OS boxes. They had lots of other interesting features as well, but certainly the ACL's standout as being mucho flexible and very useful... I miss my crp. On Sun, 14 Mar 1999, Rodney W. Grimes wrote: > [Trim old context] > > > > > I am not suggesting directory-only ACLs but want the file ACL to point to the > > directory ACL unless explicitly changed on a per file basis. I like the above > > scheme to reuse ACLs as one change can be efficiently propagated to a huge number > > of files versus having to fetch/update every file ACL in a directory hierarchy. > > > > Apollo/Agies and Apollo Domain/OS implemented it something like this, only > I think the ACL's where stored as seperate UUID objects and files/directories > had pointers to them. A UUID is kinda like an inode, but a lot more flexable > in what it can do. They also had a utility known as salacl (salvage acl's) > that would walk a disk volume for all acl's and find ones that had the > same values, then collapse all the pointers to a minimum set of acl's. > > In the early days of Apollo/Agies is you did not run salacl at least once > a week performance really started to suck. Latter they improved the ACL > cache code and this became less of a problem unless you where doing lots > of changes to a volumes ACL's. > > > -- > Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.aac.dev.com > Accurate Automation, Inc. Reliable computers for FreeBSD > http://www.aai.dnsmgr.com > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message