Date: Tue, 18 Oct 2005 13:20:56 +0100 (BST)
From: Robert Watson <rwatson@FreeBSD.org>
To: Heinrich Rebehn <rebehn@ant.uni-bremen.de>
Cc: freebsd-fs@freebsd.org
Subject: Re: Problem with default ACLs and mask
Message-ID: <20051018131405.M56080@fledge.watson.org>
In-Reply-To: <4354E644.7090608@ant.uni-bremen.de>
References: <434F4FF8.9050903@ant.uni-bremen.de> <20051014064145.GA40856@admin.sibptus.tomsk.ru> <434F9DAE.6070607@ant.uni-bremen.de> <20051014134820.GA43849@admin.sibptus.tomsk.ru> <20051014203021.L66014@fledge.watson.org> <435351F7.10101@ant.uni-bremen.de> <20051017141609.GA83692@admin.sibptus.tomsk.ru> <4354D850.8060908@ant.uni-bremen.de> <20051018112135.GA94670@admin.sibptus.tomsk.ru> <4354E644.7090608@ant.uni-bremen.de>

On Tue, 18 Oct 2005, Heinrich Rebehn wrote:

>> What OS allows you to do it?
>>
> I have done such things with OpenVMS. Dunno how much control
> Windows/NTFS allows.

NFSv4 ACLs have a facility along these lines, which is one of the reasons I've been investigating it. There are potential interactions with notions of setuid/setgid that need to be considered carefully, however. Supposedly Sun released a new IETF draft yesterday that will continue the dialog on how to combine UNIX semantics and NFSv4 semantics, but I haven't had a chance to pull it down yet.

AFS had an alternative notion that I found quite useful -- they believe that objects don't have owners, only ACLs that give the rights associated with ownership to whomever is appropriate. They also dramatically simplified matters by putting ACLs only on directories, since their focus was user data, and saving the trouble of trying to manage ACLs on untold numbers of objects. However, this requires a clear notion of what directory a file is in, which isn't very compatible with the notion of hard links -- so AFS allows hard linking only within the same directory.

Robert N M Watson