> Also: If the administrator doesn't want the users to be able to share then
> the administrator needs mandatory access controls. MAC controls would put
> the users into separate compartments which would prevent sharing access. But
> MAC is still another topic (I'm in favor of it though).
>
> ACLs are descretionary - the user has control over ACL entries, not the
> administrator.
Perhaps they could be a 'config' option, so if you really don't want
them you don't have to have them. However, even in a compartmentalized
environment I could see legitimate room for ACLs. If you want things completely
compartmentalized, let everyone operate in a chroot'ed environment where they
have their own sets of passwd files, and filesystems for that matter. In any
case, what it sounds like you're doing really is trying to protect the user
from himself, which is not what I generally consider, and I don't think is
what we really want to go for. When someone deletes a file, it goes away,
forever, it doesn't go into a recycle bin that the user can get it back out
of.
> > > Also, things are
> > > far more complex to review if any user can give access to anyone through
> > > acls. The acls are not seen directly with ls
> >
> > ls is fixable. Possibly by extending "ls -l" to show acl's or at
> > least indicate in some way that acl's are present. The latter may
> > be preferable to avoid script incompatibilities, sonething like this:
> > Arw-r--r-- 1 helge helge 140 Feb 9 1999 .bash_profile
> > The 'A' indicates that acl(s) are present, the user may then use
> > something like "ls --acl" and get the full acl information.
>
> Due to the possible size of the ACL (it is a list, after all), the UNIX
> ls command should not try to implement a "--acl". They could list up
> to 256 ACL entries, which would definitely be a pain in a "ls -R --acl".
> They only show a flag to indicate an ACL exists. It would be up to the
> user to select an appropriate utility to display the ACL for a file/directory.
>
> Consider: ls is used as a search tool to locate certain files that match a
> pattern. To exend ls to be able to search an ACL to match a pattern would
> be unreasonable; but it is reasonable for a dedicated utility.
If you don't want to look for ACLs, don't use --acl... Also, find
is more of what I would call a 'search tool', and would be able to be
modified to handle ACLs. I don't believe it would even be too hard, find
already offers all kinds of things to match against, adding another for
ACLs shouldn't be impossible.
Stephen
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/