| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Aug 2010 12:07:24 -0700 From: Jeremy Allison <jra@...ba.org> To: "J. Bruce Fields" <bfields@...ldses.org> Cc: Jeremy Allison <jra@...ba.org>, Jeff Layton <jlayton@...hat.com>, Neil Brown <neilb@...e.de>, utz lehmann <lkml123@...4n2c.de>, Linus Torvalds <torvalds@...ux-foundation.org>, Volker.Lendecke@...net.de, David Howells <dhowells@...hat.com>, Jan Engelhardt <jengelh@...ozas.de>, linux-cifs@...r.kernel.org, linux-nfs@...r.kernel.org, samba-technical@...ts.samba.org, linux-kernel@...r.kernel.org, viro@...iv.linux.org.uk, linux-fsde@...per.es Subject: Re: [PATCH 02/18] xstat: Add a pair of system calls to make extended file stats available [ver #6] On Mon, Aug 16, 2010 at 02:08:29PM -0400, J. Bruce Fields wrote: > On Fri, Aug 13, 2010 at 10:54:10AM -0700, Jeremy Allison wrote: > > On Fri, Aug 13, 2010 at 08:54:32AM -0400, J. Bruce Fields wrote: > > > On Sun, Aug 08, 2010 at 06:05:01AM -0700, Jeremy Allison wrote: > > > > We don't need to ape Windows in everything. > > > > The coming ACL disaster will show that (we will go from an ACL > > > > model that is slightly too complex to use, to one that is impossibly > > > > complex to use :-). > > > > > > Care to elaborate? > > > > POSIX ACLs -> RichACLs (NT-style). Not criticising Andreas here, > > people are asking for this. But Windows ACLs are a nightmare > > beyond human comprehension :-). In the "too complex to be > > usable" camp. > > > > > And what would native ACL support mean for Samba? > > > > RichACLs'll do it, but I feel sorry for the admins :-). > > I was curious whether you can support that with any data (or even just > anecdotes) about real-world sysadmins. Just an anecdote, but I remember giving a talk to a room full of admins, all of whom told me it was essential for Samba to implement "full Windows ACL compatibility" (we were in the process of coding it up at the time). I asked them to tell me the difference between object inherit, container inherit, and inherit only. Only one hand remained up (out of a room containing a couple of hundred Windows admins). I asked him where he worked, and the reply was "the US Marine Corps." :-). > The NT-style ACLs give me a headache, honestly. But that may just be > because I've been involved with the implementation. Admins may have the > luxury of using only the subset that they're comfortable with. Yeah. I think most sites set a group as the owner of a share and the directory so exported, set the directory to inherit everything down below, and just leave it up to the members of that group without getting further involved :-). Jeremy. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists