Doesn't go far enough for file servers
Posted Jun 6, 2012 15:16 UTC (Wed) by nybble41 (subscriber, #55106)
In reply to: Doesn't go far enough for file servers by dgm
Parent article: User and group mount options for ext filesystems
But POSIX ACLs are basically permission bits, just without the "one user plus one group" limitation. They still govern read, write, and execute/search permissions for specific users and groups and "others". I don't see how requiring multiple directory entries for the same effect is a "more sensible" solution.
That the UNIX permissions model could have been better--I have no argument with you there. We could have used POSIX-style ACLs from the beginning, and skipped the restrictive user/group/other model entirely.
Posted Jun 6, 2012 17:29 UTC (Wed) by dgm (subscriber, #49227)
One word explanation: ls
Multiple word explanation: It's a question of simplicity, I suppose. This way you avoid introducing more concepts and tools. Notice just how simple it is to say "every link can have different permissions". Compare that to the simplest explanation of POSIX ACLs.
Additionally, you don't need to modify existing tools, and hardly add any new ones. The only one you may want to add is something that gives back the list of aliases (links) to a file.
In return for that simplicity you have to give up on the expectation of absolute ownership. You no longer can revoke permissions on others' links, but you can always recreate a file.