Message-ID: <3F323FD7.6090903@tcoip.com.br>
Date: Thu, 07 Aug 2003 09:02:31 -0300
From: "Daniel C. Sobral"
To: Terry Lambert
cc: "Scott M. Likens"
cc: current@freebsd.org
Subject: Re: ACLS on UFS2 from FreeBSD 5.1-RELEASE install.
In-Reply-To: <3F31E42E.87379C0A@mindspring.com>
References: <1059854534.46751.0.camel@acheron.livid.de> <3F311492.9080309@tcoip.com.br> <3F31E42E.87379C0A@mindspring.com>
List-Id: Discussions about the use of FreeBSD-current

Terry Lambert wrote:
> "Daniel C. Sobral" wrote:
>
>>Scott M. Likens wrote:
>>
>>>Has anyone noticed the ACLS being disabled?
>>>
>>>tunefs -p /dev/da1s1c shows that ACLS are disabled on every partition I
>>>have, I've gone through them all.
>>>
>>>any reason why?
>>
>>ACL is not the standard unix permission. Why enable something most
>>people don't even know is there?
>
>
> Have you ever had the need to put someone in more than 16 inclusion
> or exclusion groups simultaneously, and run out of groups that could
> simultaneously be associated with a given credential?

Yes, that's why I enabled ACL here. Alas, I know FreeBSD supports ACL, and I know what semantics are used, so I'm not likely to be caught unaware by something I don't even know is there.

You'll also notice I'm not questioning the _existence_ of ACL. My point is that FreeBSD is Unix (no matter what the lawyers say), and people don't usually think of ACL when they think of Unix. Ergo, enabling ACL by default violates POLA. And, in FreeBSD, POLA is king. (Or so we used to believe, no matter what we actually did. :)

--
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
VIVO Centro Oeste Norte
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
        Daniel.Sobral@tcoip.com.br
        dcs@tcoip.com.br

Outros:
        dcs@newsguy.com
        dcs@freebsd.org
        capo@notorious.bsdconspiracy.net

"But I don't like Spam!!!!"