Message-ID: <20100816190724.GA23812@samba1>
Date:	Mon, 16 Aug 2010 12:07:24 -0700
From:	Jeremy Allison <jra@...ba.org>
To:	"J. Bruce Fields" <bfields@...ldses.org>
Cc:	Jeremy Allison <jra@...ba.org>, Jeff Layton <jlayton@...hat.com>,
	Neil Brown <neilb@...e.de>, utz lehmann <lkml123@...4n2c.de>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Volker.Lendecke@...net.de, David Howells <dhowells@...hat.com>,
	Jan Engelhardt <jengelh@...ozas.de>,
	linux-cifs@...r.kernel.org, linux-nfs@...r.kernel.org,
	samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org,
	viro@...iv.linux.org.uk, linux-fsde@...per.es
Subject: Re: [PATCH 02/18] xstat: Add a pair of system calls to make extended file stats available [ver #6]

On Mon, Aug 16, 2010 at 02:08:29PM -0400, J. Bruce Fields wrote:
> On Fri, Aug 13, 2010 at 10:54:10AM -0700, Jeremy Allison wrote:
> > On Fri, Aug 13, 2010 at 08:54:32AM -0400, J. Bruce Fields wrote:
> > > On Sun, Aug 08, 2010 at 06:05:01AM -0700, Jeremy Allison wrote:
> > > > We don't need to ape Windows in everything.
> > > > The coming ACL disaster will show that (we will go from an ACL
> > > > model that is slightly too complex to use, to one that is impossibly
> > > > complex to use :-).
> > > 
> > > Care to elaborate?
> > 
> > POSIX ACLs -> RichACLs (NT-style). Not criticising Andreas here,
> > people are asking for this. But Windows ACLs are a nightmare
> > beyond human comprehension :-). In the "too complex to be
> > usable" camp.
> > 
> > > And what would native ACL support mean for Samba?
> > 
> > RichACLs'll do it, but I feel sorry for the admins :-).
> 
> I was curious whether you can support that with any data (or even just
> anecdotes) about real-world sysadmins.

Just an anecdote, but I remember giving a talk to a room full
of admins, all of whom told me it was essential for Samba to
implement "full Windows ACL compatibility" (we were in the process
of coding it up at the time). I asked them to tell me the difference
between object inherit, container inherit, and inherit only. Only
one hand remained up (out of a room containing a couple of hundred
Windows admins). I asked him where he worked, and the reply was
"the US Marine Corps." :-).

> The NT-style ACLs give me a headache, honestly.  But that may just be
> because I've been involved with the implementation.  Admins may have the
> luxury of using only the subset that they're comfortable with.

Yeah. I think most sites set a group as the owner of a share
and the directory so exported, set the directory to inherit
everything down below, and just leave it up to the members
of that group without getting further involved :-).

Jeremy.