On 2016-03-15 at 21:17 +0100, Volker Lendecke wrote: > On Tue, Mar 15, 2016 at 08:45:14AM -0700, Jeremy Allison wrote: > > On Tue, Mar 15, 2016 at 12:11:03AM -0700, Christoph Hellwig wrote: > > > People have long learned that we only have 'alloc' permissions. Any > > > model that mixes allow and deny ACE is a mistake. > > > > People can also learn and change though :-). One of the > > biggest complaints people deploying Samba on Linux have is the > > incompatible ACL models. > > Just to confirm: I see this a lot in the field. NFSv4 ACLs, while not a > perfect match for NTFS ACLs are a lot closer much more usable to people > who want to serve Windows clients. > > Also in the pure linux world there is a lot that you can not express > with just rwx, sgid, sticky bits and friends. If you want the additional > functionality of the richacl bits, I would call it a big mistake to > omit negative aces, if just for the reason not to create yet another > ACLs flavor. > > > Whilst I have sympathy with your intense dislike of the > > Windows ACL model, this comes down to the core of "who > > do we serve ?" > > The world has enough confusion around ACL semanics, please do not add > more to it by creating your own model of the day. Exacty: Like it or not, Windows ACLs are a fact. And the approximation by the NFSv4 ACLs is getting closer and closer with each iteration... ;-) So it is not only that Windows world looking into this. As Volker and Jeremy have pointed out, the lack of ACL semantics is one of things the users of Samba complain about most bitterly. While Samba can work around it when it is acting exclusively on the files, this is not an option when NFS or other protocols are to access the data concurrently. In that case we need more precision down in the file system. So because they make use of *existing* formats and semantics, I think Andreas' richacls are just the way to go, as alien as they may seem from the pure linux filesystem point of view at first. Cheers - Michael
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ xfs mailing list xfs@xxxxxxxxxxx http://oss.sgi.com/mailman/listinfo/xfs