On 14.05.2013 20:48, Bolesław Tokarski wrote:
> Hello,
>
>> good, that you took the challenge, because I hoped that there are
>> linux solutions which can compete with Microsoft's rights management.
>>
>> I am not a linux expert, but to compare what file/folder rights are
>> possible on linux and windows I found for Linux:
>> - read, write and execute rights to a specific user, group and
>>   for all other
>> - with NFSv3 ACLs additional users can be configured to get
>>   "rwx"-rights, set with "setfacl" (which are listed as "+" if you do
>>   "ls -l")
>> - nfs4 can maybe have more possibilities, but as you also
>>   wrote, it is not used, because of incompatibility and complexity of
>>   available solutions
>
> You might have misunderstood me. I know of a couple of broken NFSv4
> server code in NAS devices. If you have need for NFSv4, just make sure
> you either have an up-to-date Linux OS on the NFSv4 server or a
> well-implemented NAS device.
>
>> on Windows NTFS we have the following 13 rights
>> (http://technet.microsoft.com/en-us/library/cc787794%28v=ws.10%29.aspx)
>> - Traverse Folder/Execute File, List Folder/Read Data, Read
>>   Attributes, Read Extended Attributes, Create Files/Write Data, Create
>>   Folders/Append Data, Write Attributes, Write Extended Attributes,
>>   Delete Subfolders and Files, Delete, Read Permissions, Change
>>   Permissions, Take Ownership, Synchronize
>
> It's not about the amount of ACLs. How often did you need to use those
> special attributes like "Traverse Folder" or "Read Permissions"? If you
> are interested in all-cool ACL entries, have a look at Novell's
> filesystem and its network transport mechanism. It has 18 (!) rights.
> Note these were created already for NetWare 4, released in 1993. I'd say
> Windows is still behind that, so it seems they are behind like... 20
> years. See:
> http://www.novell.com/documentation/oes/stor_filesys/?page=/documentation/oes/stor_filesys/data/bs3fkbm.html
>
> Actually Novell did this right back then and even their NDS (now called
> eDirectory) released in 1993 was long before Microsoft decided to get
> there with their Active Directory, that only started shipping with
> Windows 2000 server. I believe Microsoft's win in this market was only
> due to its workstation monopoly.
>
>> and most of them can be accomplished with rights on linux also, but
>> for us functionalities like
>> - rights inheritance on different levels
>
> You have inheritance on POSIX ACLs. See the --default option to setfacl.

POSIX ACLs don't match with CIFS ACLs, so it's not really an option to
use them in a mixed environment. NFSv4 ACLs should work better, and
there is a project to "merge" best of both worlds, richacl:

http://www.bestbits.at/richacl/

..but it's been a couple of years since I looked at it and it still has
not made it in the kernel, boo..

>> - authentication on access (NFSv3 only checks IP/hostname, but
>>   e.g. no kerberos token)
>
> Well, this basically crosses out NFSv3.

You can use RPCSEC_GSS with v3 just fine. v4 generally works too, but
there have been bugs in the past (10.04) which basically made it
unsuitable for using $HOME on it (with krb5). AIUI those should be fixed
by now..

--
t
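
The inheritance behind the quoted "--default option to setfacl" remark, as an added example that is not part of the original thread: it sets a default ACL on a directory and checks what a new file and a new subdirectory inherit. The temporary paths and the use of the current uid as the named user are assumptions made for the demo.

```bash
#!/bin/sh
# Added example: what `setfacl --default` makes new files and
# subdirectories inherit. Temp paths and the uid are constructed.
# Returns 0 if inheritance behaves as described, 1 if not, and 77 if
# setfacl/getfacl are missing or the filesystem lacks ACL support.
demo_default_acl() {
    command -v setfacl >/dev/null 2>&1 || return 77
    command -v getfacl >/dev/null 2>&1 || return 77
    acl_uid=$(id -u)
    acl_top=$(mktemp -d) || return 77
    acl_rc=0
    mkdir "$acl_top/share"

    # Default ACL on the parent: a named-user entry for children to inherit.
    if ! setfacl --default -m "u:${acl_uid}:rwx" "$acl_top/share" 2>/dev/null
    then
        rm -rf "$acl_top"
        return 77
    fi

    touch "$acl_top/share/file"   # touch asks for mode 0666
    mkdir "$acl_top/share/sub"    # mkdir asks for mode 0777

    # -n numeric ids, -c no header, -E no "#effective" comments
    file_acl=$(getfacl -n -c -E "$acl_top/share/file" 2>/dev/null)
    sub_acl=$(getfacl -n -c -E "$acl_top/share/sub" 2>/dev/null)
    printf 'file:\n%s\n\nsub:\n%s\n' "$file_acl" "$sub_acl"

    # File: the default entry becomes its access ACL. The mask is capped by
    # the group bits of the creation mode, so the stored rwx is effectively rw-.
    printf '%s\n' "$file_acl" | grep -qx "user:${acl_uid}:rwx" || acl_rc=1
    printf '%s\n' "$file_acl" | grep -qx "mask::rw-" || acl_rc=1
    # Subdirectory: same access entry, plus the default ACL itself is
    # copied down, so inheritance continues at every level below.
    printf '%s\n' "$sub_acl" | grep -qx "user:${acl_uid}:rwx" || acl_rc=1
    printf '%s\n' "$sub_acl" | grep -qx "default:user:${acl_uid}:rwx" || acl_rc=1

    rm -rf "$acl_top"
    return "$acl_rc"
}

demo_default_acl || echo "demo skipped or failed (status $?)"
```

Because a default ACL replaces the umask for new objects under that directory, the mask entry is what limits named users and groups there; check it with getfacl after granting access.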