You just need to know parent directory's ACL and file's ACL. No need for anything more significant.
Windows ACLs are a PITA - they're so complicated that one needs a PhD in aclology to understand them completely. But they actually allow several very useful use-cases that depend on ACL inheritance.
In general, I like Unix permission bits for static structures (like /usr or /var filesystems) but I absolutely hate them for shared dynamic directories.
Posted Jun 4, 2012 18:12 UTC (Mon) by nix (subscriber, #2304)
You just need to know parent directory's ACL and file's ACL. No need for anything more significant.
As I pointed out, for Windows ACLs, that is not true: you need to know the mv history of the file and (since files might have been moved out of and then back into directories with inherited ACLs) the ACL history of all directories it has moved into over its lifetime as well. None of this information is recorded anywhere.
Doesn't go far enough for file servers
Posted Jun 4, 2012 18:42 UTC (Mon) by Cyberax (✭ supporter ✭, #52523)
Why? Moving a file simply changes its ACLs. No need to track them for the whole lifetime of the file.
Doesn't go far enough for file servers
Posted Jun 6, 2012 17:33 UTC (Wed) by nix (subscriber, #2304)
As was pointed out a few posts up, moving a file does *not* change its ACLs unless you do the move *from the GUI*. A command-line move leaves the ACLs unchanged, and does not respect inherited ACLs (i.e. inherited ACLs are not really part of the permission system but are a hack implemented at the GUI level). Thus the problems I mentioned.
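As an added example, not part of the thread: a PowerShell audit for the condition nix describes, an object whose inherited ACEs no longer match the inheritable ACEs of the directory it now sits under. The function name, the root path and the simple ACE comparison are assumptions; only the built-in Get-Acl, Get-ChildItem and Split-Path cmdlets are relied on.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 or later with the
# built-in Get-Acl cmdlet, and that $Root is a directory you administer (placeholder path).
function Get-AclDrift {
    param([Parameter(Mandatory)][string]$Root)

    # Key an ACE by principal, rights and allow/deny so child and parent ACEs can be
    # compared. InheritanceFlags are ignored on purpose, so an ACE that applies only to
    # subfolders may be reported on files as well (false positives, never misses).
    function Key($ace) { '{0}|{1}|{2}' -f $ace.IdentityReference, $ace.FileSystemRights, $ace.AccessControlType }

    Get-ChildItem -LiteralPath $Root -Recurse -Force | ForEach-Object {
        $item      = $_
        $parentDir = Split-Path -LiteralPath $item.FullName -Parent
        $acl       = Get-Acl -LiteralPath $item.FullName
        $parentAcl = Get-Acl -LiteralPath $parentDir

        # ACEs on the current parent that are meant to flow down to children.
        $inheritable = @($parentAcl.Access | Where-Object {
            $_.InheritanceFlags -ne [System.Security.AccessControl.InheritanceFlags]::None })
        # ACEs on the child flagged as inherited from *some* parent, not necessarily this one.
        $inherited = @($acl.Access | Where-Object { $_.IsInherited })

        $expected = @($inheritable | ForEach-Object { Key $_ })
        $stale    = @($inherited   | Where-Object { $expected -notcontains (Key $_) })

        $reason = $null
        if ($acl.AreAccessRulesProtected) {
            $reason = 'inheritance disabled on object'
        } elseif ($stale.Count -gt 0) {
            $reason = 'inherited ACEs do not match current parent'
        } elseif ($inheritable.Count -gt 0 -and $inherited.Count -eq 0) {
            $reason = 'parent has inheritable ACEs but object carries none'
        }
        if ($reason) {
            [pscustomobject]@{
                Path      = $item.FullName
                Reason    = $reason
                StaleACEs = ($stale | ForEach-Object { Key $_ }) -join '; '
            }
        }
    }
}

# Usage with a placeholder path. Objects reported with stale inherited ACEs can be
# rebuilt from the current parent with 'icacls <path> /reset' (add /T for a subtree).
Get-AclDrift -Root 'D:\Shares\Projects' | Format-Table -AutoSize
```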