not quite. denial is always applied first. in fact, the thing
that's been missing from this discussion is any mention
of VMS, which has probably the most complete ACL implementation
I've seen. it was borrowed (sometimes almost byte for byte) by
n*t, although they left out some of the more obscure bits. I
never could get the hang of being able to execute programs
even though i couldn't read the contents of the directory
that they resided in, or even read them themselves.
Seriously though, a streamlined version of the vms acl
implementation would be very impressive. don't suppose the
folks over at free-vms.org are doing anything about it?
cheers
john
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/