On Fri, 26 Feb 2010, Nicolas Williams wrote:

> Can you describe your struggles?  What could we do to make it easier to
> use ACLs?  Is this about chmod [and so random apps] clobbering ACLs? or
> something more fundamental about ACLs?

I understand and accept that ACLs are complicated, and have no issues with
that. My current struggle is that other than in a few restricted use cases,
they cannot be relied on to serve their purpose, as it is far too easy for
an accidental chmod (frequently in an unexpected and unnoticed context) to
wipe them out.

Even Solaris itself is guilty of such:

        http://mail.opensolaris.org/pipermail/zfs-discuss/2010-February/037249.html

If you're trying to use ACLs in a general purpose deployment involving
access by applications which are ACL-ignorant, and over NFS to other
operating systems which might not even have ACLs themselves, I do not
believe there is any way with the current implementation to do so
successfully. Something is going to run chmod on a file or directory, and
the ACL will be broken.

I've already posited as to an approach that I think would make a pure-ACL
deployment possible:

        http://mail.opensolaris.org/pipermail/zfs-discuss/2010-February/037206.html

Via this concept or something else, there needs to be a way to configure
ZFS to prevent the attempted manipulation of legacy permission mode bits
from breaking the security policy of the ACL.

If anyone has thoughts on a different approach that would achieve the same
goal, I'd love to hear about it. But I'm not sure how you could do that as
long as the ACL is so easily mangled.

Thanks...

-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  hen...@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
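
Added example (not part of the original message, and not Solaris or ZFS code): one way to notice the failure described above is to compare two saved `ls -V` listings and report files whose named user/group ACL entries have disappeared. The listings, user names and group names are constructed; the parser assumes the compact `who:permissions:inheritance:type` entry layout of `ls -V` and file names without whitespace.

```python
# Added example: constructed data, not from the original message.
TRIVIAL_WHO = {"owner@", "group@", "everyone@"}   # entries derived from mode bits

def parse_ls_v(text):
    """Map file name -> list of (who, perms, inheritance, type) ACEs."""
    acls, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():        # `ls -l` style header starts a new file
            current = line.split()[-1]   # assumption: no whitespace in names
            acls[current] = []
        elif current is not None:
            parts = line.strip().rsplit(":", 3)   # who may itself contain ':'
            if len(parts) == 4 and parts[3] in ("allow", "deny"):
                acls[current].append(tuple(parts))
    return acls

def clobbered(before, after):
    """Return {file: [lost named entries]} for files present in both listings."""
    old, new = parse_ls_v(before), parse_ls_v(after)
    report = {}
    for name, aces in old.items():
        if name not in new:
            continue
        lost = {a[0] for a in aces} - {a[0] for a in new[name]} - TRIVIAL_WHO
        if lost:
            report[name] = sorted(lost)
    return report

# Constructed listing taken while the ACL policy was intact.
BASELINE = """\
-rw-r-----+  1 carol    staff   120 Feb 26 09:00 budget.txt
            user:alice:rw-p--aARWcCos:-------:allow
           group:audit:r-----a-R-c--s:-------:allow
                owner@:rw-p--aARWcCos:-------:allow
                group@:r-----a-R-c--s:-------:allow
             everyone@:------a-R-c--s:-------:allow
"""
# Constructed listing after an ACL-ignorant chmod: only mode-derived entries remain.
CURRENT = """\
-rw-r-----   1 carol    staff   120 Feb 26 09:05 budget.txt
                owner@:rw-p--aARWcCos:-------:allow
                group@:r-----a-R-c--s:-------:allow
             everyone@:------a-R-c--s:-------:allow
"""

if __name__ == "__main__":
    for path, lost in clobbered(BASELINE, CURRENT).items():
        print(f"{path}: lost ACL entries {', '.join(lost)}")
```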
