Date: Sun, 14 Mar 1999 09:42:30 -0800 (PST)
From: "Rodney W. Grimes" <rgrimes@gndrsh.aac.dev.com>
To: aaweber@austin.rr.com (Alan Weber)
Cc: robert+freebsd@cyrus.watson.org, freebsd-security@FreeBSD.ORG
Subject: Re: ACLs was disapointing security architecture
Message-ID: <199903141742.JAA22396@gndrsh.aac.dev.com>
In-Reply-To: <19990313203902.B1850@austin.rr.com> from Alan Weber at "Mar 13, 99 08:39:02 pm"

[Trim old context]

>
> I am not suggesting directory-only ACLs but want the file ACL to point to the
> directory ACL unless explicitly changed on a per file basis. I like the above
> scheme to reuse ACLs as one change can be efficiently propagated to a huge number
> of files versus having to fetch/update every file ACL in a directory hierarchy.
>

Apollo/Aegis and Apollo Domain/OS implemented it something like this, only
I think the ACL's were stored as separate UUID objects and files/directories
had pointers to them. A UUID is kinda like an inode, but a lot more flexible
in what it can do.

They also had a utility known as salacl (salvage acl's) that would walk a
disk volume for all acl's and find ones that had the same values, then
collapse all the pointers to a minimum set of acl's. In the early days
of Apollo/Aegis if you did not run salacl at least once a week performance
really started to suck. Later they improved the ACL cache code and this
became less of a problem unless you were doing lots of changes to a
volume's ACL's.

--
Rod Grimes - KD7CAX - (RWG25) rgrimes@gndrsh.aac.dev.com
Accurate Automation, Inc. Reliable computers for FreeBSD
http://www.aai.dnsmgr.com
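
A toy model of the scheme discussed in this message, added here as an example and not taken from the message or from Apollo's code: ACLs live as separate UUID-keyed objects, files hold pointers to them, and a salvage pass collapses equal ACLs into a minimal set. The class and method names (AclStore, salvage, and so on) and the sample paths are hypothetical. The demo also shows the sharing consequence: after the collapse, one in-place ACL update reaches every file that points at that object.

```python
import uuid

class AclStore:
    """Toy volume: ACLs are separate objects keyed by UUID; files hold pointers."""

    def __init__(self):
        self.acls = {}      # acl_id -> frozenset of (principal, rights) entries
        self.pointer = {}   # path -> acl_id

    def new_acl(self, entries):
        acl_id = uuid.uuid4()
        self.acls[acl_id] = frozenset(entries)
        return acl_id

    def attach(self, path, acl_id):
        self.pointer[path] = acl_id

    def set_private_acl(self, path, entries):
        # Explicit per-file change: the file gets its own ACL object.
        self.attach(path, self.new_acl(entries))

    def update_acl(self, acl_id, entries):
        # One write; every file pointing at this object sees the change.
        self.acls[acl_id] = frozenset(entries)

    def effective(self, path):
        return self.acls[self.pointer[path]]

    def salvage(self):
        """Collapse ACL objects with equal values; return how many were removed."""
        canonical = {}
        for acl_id, entries in self.acls.items():
            canonical.setdefault(entries, acl_id)   # first object seen wins
        for path, acl_id in self.pointer.items():
            self.pointer[path] = canonical[self.acls[acl_id]]
        live = set(self.pointer.values())
        before = len(self.acls)
        # Duplicates (and any unreferenced objects) are dropped.
        self.acls = {a: e for a, e in self.acls.items() if a in live}
        return before - len(self.acls)

def demo():
    vol = AclStore()   # constructed sample volume
    shared = vol.new_acl({("staff", "rw"), ("world", "r")})
    for path in ("/proj", "/proj/a.c", "/proj/b.c"):
        vol.attach(path, shared)
    # Same values as the shared ACL, but stored as a second object.
    vol.set_private_acl("/proj/b.c", {("staff", "rw"), ("world", "r")})
    vol.set_private_acl("/proj/key", {("staff", "r")})
    before = len(vol.acls)
    removed = vol.salvage()
    # After the collapse /proj/b.c shares the directory's ACL object again.
    vol.update_acl(vol.pointer["/proj"], {("staff", "rw")})
    return before, removed, vol.effective("/proj/b.c")
```
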