* Oliver Xymoron (oxymoron@waste.org) wrote:
> On Wed, Oct 30, 2002 at 09:43:29PM -0500, Alexander Viro wrote:
> > Because People Are Stupid(tm). Because it's cheaper to put "ACL support: yes"
> > in the feature list under "Security" than to make sure than userland can cope
> > with anything more complex than "Me Og. Og see directory. Directory Og's.
> > Nobody change it". C.f. snake oil, P.T.Barnum and esp. LSM users
>
> It's nearly useless in a Unix-only context, true, however there's a rather
> serious impedance mismatch for serving files to Windows that this
> addresses. Emulating ACLs on the fly with groups to fit into the
> Windows model is mostly doable but ain't pretty.
It's only nearly useless if you have some desire as an admin to
constantly be creating groups and changing group lists for users. This
is not a feature which is useful only when serving files to Windows
machines, not even nearly. AFS, Solaris, Irix etc have support for ACLs
and have a great deal of people who use them. The simple yet common
situation of one user who wants to give even just read access to
another specific user for a given file is a pain in the ass to deal with
given the current structure.
Stephen
This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:54 EST