Date: Sun, 14 Mar 1999 20:49:15 -0500 (EST) From: Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu> To: Robert Watson <robert+freebsd@cyrus.watson.org>, Jon Hamilton <hamilton@pobox.com> Cc: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>, freebsd-security@FreeBSD.ORG Subject: Re: ACL's Message-ID: <Iqv6QPG00UwI1g7Ss0@andrew.cmu.edu> In-Reply-To: <19990314211556.E37313E@woodstock> References: <19990314211556.E37313E@woodstock>
next in thread | previous in thread | raw e-mail | index | archive | help
Excerpts from FreeBSD-Security: 14-Mar-99 Re: ACL's by Jon Hamilton@pobox.com >No, they provide all the functionality that hardlinks do that *you* care >about. Not every installation is used the same way, and you're simply >not going to be able to just do away with hard links by fiat; too many >people and things rely upon them. The best would probably be to make it a mount option, same would go for ACL's themselves for that matter. Hardlinks make a lot of sense in particular partitions, but I'm hard pressed to be convinced they make sense everywhere (particuarlly as they can only SPAN a particular partition). With ACL's it would be very dependent on the implementation as to wether they should be turned on on a per-partition basis, the fact that there are dedicated permissions which could do well without ACL's means that if there is anything but negligable performance degredation using ACL's, they should be able to be turned off into a NOP for that particular partition which doens't need them. Making anything like this a kernel switch seems to almost through the machine into a 'single use' mode, which is all well for large machine shops, or those with particular interests, but it is also nice to have one machine theoretically be able to 'do it all' as far as be secure, as well as, say, be a news server. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Iqv6QPG00UwI1g7Ss0>