That would certainly simplify the ACL inheritance situation, but it's the files themselves you want to control access to, not the directory entries. Having different permissions depending on how you access the file seems like a big step backward to me.
"Live" inherited ACLs have obvious issues; the hard-link case is particularly bad. However, "static" inheritance, as with the default POSIX ACL associated with a directory, offers a reasonable compromise. A file receives the default ACL of the directory in which it is created, and retains that ACL (unless separately modified) even if the file is moved or hard-linked into another directory. If inheritance is preferred after a move or directory permission change, the default ACL of the new containing directory can be re-applied as a separate step.
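The static inheritance described in the comment above can be observed with `setfacl`/`getfacl`. This is an added example, not part of the original comments. It assumes the `acl` tools and a filesystem with POSIX ACL support; the function name, UID 65534 and the file names are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not from the original comments). Needs setfacl/getfacl
# and a filesystem with POSIX ACL support; returns 77 when either is missing.
# UID 65534 and all file names are constructed sample values.

acl_of() { getfacl -cnp "$1"; }   # access ACL only: no header, numeric IDs

static_acl_demo() {
    command -v setfacl >/dev/null 2>&1 || return 77
    command -v getfacl >/dev/null 2>&1 || return 77
    t=$(mktemp -d) || return 1
    mkdir "$t/a" "$t/b" || return 1
    # Give the two directories different default ACLs.
    setfacl -d -m u:65534:r-- "$t/a" 2>/dev/null || { rm -rf "$t"; return 77; }
    setfacl -d -m u:65534:rw- "$t/b" || return 1

    : > "$t/a/f"                        # created in a: inherits a's default
    at_create=$(acl_of "$t/a/f")

    mv "$t/a/f" "$t/b/f"                # move into b
    ln "$t/b/f" "$t/a/link"             # hard-link back into a
    : > "$t/b/new"                      # created in b: inherits b's default

    rc=0
    # 1. The move did not change the ACL.
    [ "$(acl_of "$t/b/f")" = "$at_create" ] || rc=1
    # 2. Both names reach the same inode, hence the same ACL.
    [ "$(acl_of "$t/a/link")" = "$at_create" ] || rc=1
    # 3. The moved file still carries a's grant, unlike a file born in b.
    acl_of "$t/b/f"   | grep -q '^user:65534:r--' || rc=1
    acl_of "$t/b/new" | grep -q '^user:65534:rw-' || rc=1

    # 4. Re-applying b's default ACL is an explicit, separate step. This is a
    #    verbatim copy: unlike at creation, entries are not masked by the
    #    mode passed to open().
    getfacl -dcnp "$t/b" | sed 's/^default://' | setfacl --set-file=- "$t/b/f" || rc=1
    acl_of "$t/b/f" | grep -q '^user:65534:rw-' || rc=1
    # The ACL lives on the inode, so the other link sees the change too.
    acl_of "$t/a/link" | grep -q '^user:65534:rw-' || rc=1

    rm -rf "$t"
    return "$rc"
}

static_acl_demo; echo "static_acl_demo exit status: $?"
```

An exit status of 0 means every check held; 77 means the tools or ACL support were not available and nothing was tested.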
Copyright © 2017, Eklektix, Inc.