[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

About ACLs



On 20 Mar 2000 16:15:35 +1100, the world broke into rejoicing as
Brian May <bam@debian.org>  said:
> Somebody told me ACLs were already in EXT2, just not supported by user
> tools yet...

There are some basic hooks that have been in place in the kernel since
about '97.  Due to Ted Ts'o.

The problem is that making ACLs *useful* requires that there be more
than that.  You need:

a) Kernel support,
b) Library support (GLIBC)
c) User space utilities (something like chacls to correspond to chmod)
d) Pervasive changes to applications.  After all, it's bad if you use
   tar and the ACLs disappear.  And so, *every* utility that can
   do *anything* to files potentially has to change to support ACLs.
   Potentially.
e) Some sort of reasonable default policy so that a Linux *distribution*
   has reasonable ACL setup done.  Thus, RPM/dpkg need to support ACLs,
   and there is probably a need to offer...
f) Some default ACL configuration;
g) A way of changing the default mappings across a distribution.
   Thus, on "Desktop Red Hat," there might be a fairly open policy.
   And on the web server, there would be a rather more restrictive
   policy set.
   And on the machine on which runs the executive payroll, there is
   a downright *paranoid* policy set.  All of which needs to be
   supportable by RPM...

The problem is that ACLs aren't really terribly useful until you have
*all* of the above, and there are a couple that are decidedly
"fuzzy" notions...
--
"There are  three kinds  of program statements:  sequence, repetition,
and seduction."
cbbrowne@ntlug.org - <http://www.hex.net/~cbbrowne/lsf.html>


Reply to: