Problem with default ACLs and mask

Robert Watson rwatson at FreeBSD.org
Tue Oct 18 05:20:58 PDT 2005


On Tue, 18 Oct 2005, Heinrich Rebehn wrote:

>> What OS allows you to do it?
>>
> I have done such things with OpenVMS. Dunno how much control 
> Windows/NTFS allows.

NFSv4 ACLs have a facility along these lines, which is one of the reasons 
I've been investigating it.  There are potential interactions with notions 
of setuid/setgid that need to be considered carefully, however. 
Supposedly Sun released a new IETF draft yesterday that will continue the 
dialog on how to combine UNIX semantics and NFSv4 semantics, but I haven't 
had a chance to pull it down yet.

AFS had an alternative notion that I found quite useful -- they believe 
that objects don't have owners, only ACLs that give the rights associated 
with ownership to whoever is appropriate.  They also dramatically 
simplified matters by putting ACLs only on directories, since their focus 
was user data, and saving the trouble of trying to manage ACLs on untold 
numbers of objects.  However, this requires a clear notion of what 
directory a file is in, which isn't very compatible with the notion of 
hard links -- so AFS allows hard linking only within the same directory.

Robert N M Watson


More information about the freebsd-fs mailing list