Re: About the login shell
On Wed, Aug 21, 2002 at 10:25:10AM +0800, bobstopper@australispro.com.au wrote:
> I investigated file permissions for the Hurd a couple of years ago.
> The upstream maintainer of fileutils (Michael Stone I think it was?)
> told me the Hurd shouldn't bother with the extra permission bits for
> the unauthenticated user since the problem would be much more effectively
> solved by ACLs. He further went to tell me that fileutils (back then
> in about 2000 mind you) was having ACL capabilities added to it.
Well, the nouser bits were a straightforward, simple addition. It was
consequent because otherwise the nouser could only ever get the same
permissions as the other user, and there would be no way to discriminate.
So, if you want to solve it by ACLs, there would be no way to have a
sensible no user without ACLs, but this is not really a desirable position.
I don't really see ACLs and the nouser bits as mutually exclusive.
Just like the normal rwx bits and ACLs are not exclusive.
> Consequently, assuming ACLs have been added by now (I haven't looked
> into it since) much of the work should be done and all that really
> remains is adding Hurdish support for them. And maybe patching the
> odd program which doesn't access the permissions interface in a
> manner easily translatable into ACLs.
Well, it seems fileutils has ACL support and a framework for it.
> I thoroughly believe that ACLs would be a much cleaner solution for
> this problem than an extra set of permission bits.
I don't think both are addressing the same problem. You can safely assume
that everybody would need to tweak some permission bits for the no user, but
there is no reason to assume that most people would need the full weight of
ACLs.
> ACLs all the way is my vote.
In addition to what we have, certainly.
Thanks,
Marcus
--
`Rhubarb is no Egyptian god.' GNU http://www.gnu.org marcus@gnu.org
Marcus Brinkmann The Hurd http://www.gnu.org/software/hurd/
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de/
Reply to: