Re: [PATCH 02/18] xstat: Add a pair of system calls to makeextended file stats available [ver #6]

From: Jeremy Allison
Date: Mon Aug 16 2010 - 15:07:35 EST


On Mon, Aug 16, 2010 at 02:08:29PM -0400, J. Bruce Fields wrote:
> On Fri, Aug 13, 2010 at 10:54:10AM -0700, Jeremy Allison wrote:
> > On Fri, Aug 13, 2010 at 08:54:32AM -0400, J. Bruce Fields wrote:
> > > On Sun, Aug 08, 2010 at 06:05:01AM -0700, Jeremy Allison wrote:
> > > > We don't need to ape Windows in everything.
> > > > The coming ACL disaster will show that (we will go from an ACL
> > > > model that is slightly too complex to use, to one that is impossibly
> > > > complex to use :-).
> > >
> > > Care to elaborate?
> >
> > POSIX ACLs -> RichACLs (NT-style). Not criticising Andreas here,
> > people are asking for this. But Windows ACLs are a nightmare
> > beyond human comprehension :-). In the "too complex to be
> > usable" camp.
> >
> > > And what would native ACL support mean for Samba?
> >
> > RichACLs'll do it, but I feel sorry for the admins :-).
>
> I was curious whether you can support that with any data (or even just
> anecdotes) about real-world sysadmins.

Just an anecdote, but I remember giving a talk to a room full
of admins, all of whom told me it was essential for Samba to
implement "full Windows ACL compatibility" (we were in the process
of coding it up at the time). I asked them to tell me the difference
between object inherit, container inherit, and inherit only. Only
one hand remained up (out of a room containing a couple of hundred
Windows admins). I asked him where he worked, and the reply was
"the US Marine Corps." :-).

> The NT-style ACLs give me a headache, honestly. But that may just be
> because I've been involved with the implementation. Admins may have the
> luxury of using only the subset that they're comfortable with.

Yeah. I think most sites set a group as the owner of a share
and the directory so exported, set the directory to inherit
everything down below, and just leave it up to the members
of that group without getting further involved :-).

Jeremy.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/