Date: Tue, 18 Oct 2005 13:20:56 +0100 (BST)
From: Robert Watson
To: Heinrich Rebehn
Cc: freebsd-fs@freebsd.org
Subject: Re: Problem with default ACLs and mask
In-Reply-To: <4354E644.7090608@ant.uni-bremen.de>
Message-ID: <20051018131405.M56080@fledge.watson.org>

On Tue, 18 Oct 2005, Heinrich Rebehn wrote:

>> What OS allows you to do it?
>>
> I have done such things with OpenVMS. Dunno how much control
> Windows/NTFS allows.

NFSv4 ACLs have a facility along these lines, which is one of the reasons I've been investigating it. There are potential interactions with notions of setuid/setgid that need to be considered carefully, however. Supposedly Sun released a new IETF draft yesterday that will continue the dialog on how to combine UNIX semantics and NFSv4 semantics, but I haven't had a chance to pull it down yet.

AFS had an alternative notion that I found quite useful -- they believe that objects don't have owners, only ACLs that give the rights associated with ownership to whomever is appropriate. They also dramatically simplified matters by putting ACLs only on directories, since their focus was user data, and saving the trouble of trying to manage ACLs on untold numbers of objects. However, this requires a clear notion of what directory a file is in, which isn't very compatible with the notion of hard links -- so AFS allows hard linking only within the same directory.

Robert N M Watson