Robert Millan wrote:
On Tue, Aug 20, 2002 at 11:28:07AM -0500, Tom Hart wrote:
I assume that the Hurd is sticking with the traditional UN*X model because most sysadmins who are used to UNIX will find this easier to work with. Furthermore, switching to an ACL-based model would probably break compatibility with traditional Unices, or at the very least, require a lot of work porting existing programs that depend on the UN*X security model.why? UN*X permissions can be defined using ACLs can't they? that way the users can choose between using an ACL subset that identifies UN*X perms or more flexible combinations.
True. I may be missing the distinction between ACL's in general and how they're implemented in NT-based systems. Especially how a user can set file permissions in a way that prevents an administrator from reading the user's files, unless the administrator changes the permissions.
The specific problem I'm thinking about is ACE (Access Control Entry) inheritance, which, in my experience, is a very confusing complication that I'm happy to avoid when using GNU systems. There is a very obscure set of rules concerning which ACL entries take precedence between:
1. inherited versus non-inherited ACE's 2. allow versus deny ACE'sThat said, if the traditional UN*X permissions model could be exposed to the user by default (by such programs as ls and chmod), and the ugly ACL business could be taken care of behind the scenes, that would be nice. By providing the users with new tools and allowing them to set permissions in a more finely-grained fashion with ACL's, an ability not present in UN*X would be available in the GNU system. Are you suggesting that the Hurd should at some point move to ACL's (which, I assume, would be an in-the-future, low priority job)?
However, wouldn't it still be necessary to patch programs written for the traditional UN*X model so that they could see the ACL's, and respect the more fine-grained control when present?
-- Tom Hart hartte13@brandonu.ca