User: Password:
|
|
Subscribe / Log in / New account

Doesn't go far enough for file servers

Doesn't go far enough for file servers

Posted Jun 4, 2012 18:12 UTC (Mon) by nix (subscriber, #2304)
In reply to: Doesn't go far enough for file servers by Cyberax
Parent article: User and group mount options for ext filesystems

You just need to know parent directory's ACL and file's ACL. No need for anything more significant.
As I pointed out, for Windows ACLs, that is not true: you need to know the mv history of the file and (since files might have been moved out of and then back into directories with inherited ACLs) the ACL history of all directories it has moved into over its lifetime as well. None of this information is recorded anywhere.


(Log in to post comments)

Doesn't go far enough for file servers

Posted Jun 4, 2012 18:42 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

Why? Moving a file simply changes its ACLs. No need to track them for the whole lifetime of the file.

Doesn't go far enough for file servers

Posted Jun 6, 2012 17:33 UTC (Wed) by nix (subscriber, #2304) [Link]

As was pointed out a few posts up, moving a file does *not* change its ACLs unless you do the move *from the GUI*. A command-line move leaves the ACLs unchanged, and does not respect inherited ACLs (i.e. inherited ACLs are not really part of the permission system but are a hack implemented at the GUI level). Thus the problems I mentioned.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds