Re: What's left over.

• Next message: Richard J Moore: "Re: [lkcd-general] Re: What's left over."
• Previous message: Douglas Gilbert: "Re: ieee1394/sbp2.c doesn't compile in 2.5.45"
• In reply to: Werner Almesberger: "Re: What's left over."
• Next in thread: Werner Almesberger: "Re: What's left over."
• Reply: Werner Almesberger: "Re: What's left over."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2002-10-31 at 13:49, Werner Almesberger wrote:
> john stultz wrote:
> > groups for each project, I have no clue how anyone would be able to
> > handle the (unix)group management required. ACLs let the users
> > themselves manage what people got what access to their data.
>
> Note that POSIX ACLs don't seem to solve this either: they only
> let you control access in terms of existing users or groups.

I've never looked at the POSIX ACL spec, so forgive my ignorance.
 
> IMHO, this is one of the standard pitfalls of ACLs: if they don't
> let you aggregate information, you quickly end up with huge ACLs
> hanging off every file, and each of those ACLs wants to be
> carefully maintained. I've seen a lot of this in my VMS days.
> (Unix is a bit better, because you can control access at a
> directory level, while VMS needs the ACL on each file, because
> you can open files directly by VMS' equivalent to an inode
> number, without traversing the directory hierarchy. Of course,
> many users didn't know that :-)

While it would be nice to have user-definable ACL groups ("my friends"
or "History 255 TAs") in addition to existing users and groups, I still
don't find this to be critical. Sure, it adds (possibly quite a bit of)
extra data to every file, but it gives you the granularity you need for
the situation I described. It seems like user-definable ACL groups
would be a nice extra feature on top of existing users or groups, but
not a necessity.

> To make ACLs truly scalable, it would be nice to be able to
> express permissions in terms of access to other filesystem
> objects. E.g. "everybody who can read file ~me/acls/my_friends
> can write the directory on which this ACE hangs". This should
> work like a symlink, i.e. if I add new friends to my_friends, I
> don't have to update all my ACLs.

Ugh, that seems dangerous. Too many forgotten ACL links and then I could
accidentally give a vague acquaintance access to all my data meant for
close friends.

Regardless, while ACLs do result in extra data per file being used, it
is my understanding that ACLs allow you to solve problems that currently
aren't solvable w/o administrator intervention. In my experience using
them w/ AFS, they have been extremely useful.

-john

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Richard J Moore: "Re: [lkcd-general] Re: What's left over."
• Previous message: Douglas Gilbert: "Re: ieee1394/sbp2.c doesn't compile in 2.5.45"
• In reply to: Werner Almesberger: "Re: What's left over."
• Next in thread: Werner Almesberger: "Re: What's left over."
• Reply: Werner Almesberger: "Re: What's left over."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Oct 31 2002 - 22:00:57 EST