From: john stultz <johnstul@us.ibm.com>
To: Werner Almesberger <wa@almesberger.net>
Cc: lkml <linux-kernel@vger.kernel.org>
Subject: Re: What's left over.
Date: 31 Oct 2002 14:32:12 -0800
Message-ID: <1036103533.12714.71.camel@cog>
In-Reply-To: <20021031184933.B2599@almesberger.net>
On Thu, 2002-10-31 at 13:49, Werner Almesberger wrote:
> john stultz wrote:
> > groups for each project, I have no clue how anyone would be able to
> > handle the (unix)group management required. ACLs let the users
> > themselves manage what people got what access to their data.
>
> Note that POSIX ACLs don't seem to solve this either: they only
> let you control access in terms of existing users or groups.
I've never looked at the POSIX ACL spec, so forgive my ignorance.
> IMHO, this is one of the standard pitfalls of ACLs: if they don't
> let you aggregate information, you quickly end up with huge ACLs
> hanging off every file, and each of those ACLs wants to be
> carefully maintained. I've seen a lot of this in my VMS days.
> (Unix is a bit better, because you can control access at a
> directory level, while VMS needs the ACL on each file, because
> you can open files directly by VMS' equivalent to an inode
> number, without traversing the directory hierarchy. Of course,
> many users didn't know that :-)
While it would be nice to have user-definable ACL groups ("my friends"
or "History 255 TAs") in addition to existing users and groups, I still
don't find this to be critical. Sure, it adds (possibly quite a bit of)
extra data to every file, but it gives you the granularity you need for
the situation I described. It seems like user-definable ACL groups
would be a nice extra feature on top of existing users or groups, but
not a necessity.
> To make ACLs truly scalable, it would be nice to be able to
> express permissions in terms of access to other filesystem
> objects. E.g. "everybody who can read file ~me/acls/my_friends
> can write the directory on which this ACE hangs". This should
> work like a symlink, i.e. if I add new friends to my_friends, I
> don't have to update all my ACLs.
Ugh, that seems dangerous. Too many forgotten ACL links and then I could
accidentally give a vague acquaintance access to all my data meant for
close friends.
Regardless, while ACLs do result in extra data per file being used, it
is my understanding that ACLs allow you to solve problems that currently
aren't solvable w/o administrator intervention. In my experience using
them w/ AFS, they have been extremely useful.
-john
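
A toy model of the reference-style ACE proposed in the quoted text, with the "forgotten ACL links" check the reply worries about. This is an added illustration, not part of the original message or of any kernel or POSIX ACL code; the `Obj` type, the function names, every path except `~me/acls/my_friends`, and the user names are constructed assumptions.

```python
import copy
from dataclasses import dataclass, field

@dataclass
class Obj:
    owner: str
    users: set = field(default_factory=set)   # direct ACEs: named users
    links: set = field(default_factory=set)   # reference ACEs: "whoever can read <path>"

def can_access(fs, path, user, seen=frozenset()):
    """Resolve access, following reference ACEs; `seen` stops reference cycles."""
    obj = fs[path]
    if user == obj.owner or user in obj.users:
        return True
    seen = seen | {path}
    return any(l in fs and l not in seen and can_access(fs, l, user, seen)
               for l in obj.links)

def dependents(fs, target):
    """Every object whose access depends on `target`, directly or through a chain."""
    found, frontier = set(), {target}
    while frontier:
        frontier = {p for p, o in fs.items() if o.links & frontier} - found - {target}
        found |= frontier
    return sorted(found)

def exposure_if_added(fs, target, user):
    """Objects `user` would newly reach if added to `target`'s direct ACEs."""
    before = {p for p in fs if can_access(fs, p, user)}
    trial = copy.deepcopy(fs)              # never mutate the live model
    trial[target].users.add(user)
    after = {p for p in trial if can_access(trial, p, user)}
    return sorted(after - before - {target})

# Constructed sample data: two list files and three protected objects.
FS = {
    "~me/acls/my_friends": Obj("me", users={"alice", "bob"}),
    "~me/acls/acquaintances": Obj("me", users={"carol"}, links={"~me/acls/my_friends"}),
    "~me/diary": Obj("me", links={"~me/acls/my_friends"}),
    "~me/photos": Obj("me", links={"~me/acls/acquaintances"}),
    "~me/taxes": Obj("me", users={"alice"}),
}
```

Running `exposure_if_added(FS, "~me/acls/my_friends", "dave")` before editing the list shows everything the new entry would reach, including objects that only reference the list through a second list.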