About ACLs
On 20 Mar 2000 16:15:35 +1100, the world broke into rejoicing as
Brian May <bam@debian.org> said:
> Somebody told me ACLs were already in EXT2, just not supported by user
> tools yet...
There are some basic hooks that have been in place in the kernel since
about '97. Due to Ted Ts'o.
The problem is that making ACLs *useful* requires that there be more
than that. You need:
a) Kernel support,
b) Library support (GLIBC)
c) User space utilities (something like chacls to correspond to chmod)
d) Pervasive changes to applications. After all, it's bad if you use
tar and the ACLs disappear. And so, *every* utility that can
do *anything* to files potentially has to change to support ACLs.
Potentially.
e) Some sort of reasonable default policy so that a Linux *distribution*
has reasonable ACL setup done. Thus, RPM/dpkg need to support ACLs,
and there is probably a need to offer...
f) Some default ACL configuration;
g) A way of changing the default mappings across a distribution.
Thus, on "Desktop Red Hat," there might be a fairly open policy.
And on the web server, there would be a rather more restrictive
policy set.
And on the machine on which runs the executive payroll, there is
a downright *paranoid* policy set. All of which needs to be
supportable by RPM...
The problem is that ACLs aren't really terribly useful until you have
*all* of the above, and there are a couple that are decidedly
"fuzzy" notions...
--
"There are three kinds of program statements: sequence, repetition,
and seduction."
cbbrowne@ntlug.org - <http://www.hex.net/~cbbrowne/lsf.html>
Reply to: