>>>>> "dd" == David Dyer-Bennet <d...@dd-b.net> writes:
dd> Okay, but the argument goes the other way just as well -- when
dd> I run "chmod 6400 foobar", I want the permissions set that
dd> specific way, and I don't want some magic background feature
dd> blocking me.
This will be true either way. Even if chmod isn't ignored, it will
reach into the nest of ACL's and mangle them in some non-obvious way
with unpredictable consequences, and the mangling will be implemented
by a magical background feature. AIUI if you really want the ACL's
cleared and thus the ACL-ignorant intent of your chmod implemented,
you have to use a bunch of ACL-specific commands and pay attention to
inheritance as well. What you're asking is that something happen when
you do the chmod, but you don't care WHAT happens so long as it's
SOMETHING. This is really dumb.
dd> Particulary if "I" am a complex system of scripts that wasn't
dd> even written locally.
Yeah no I really think you're on the wrong side of this one!
We must stop imagining we're running on a Unix filesystem. Once
you've added ACL's you're basically running on an NTFS and should not
expect chmod to work any more than we expect it to do anything sane
through ntfs-3g. The only reasonable goals are ``least surprise'' and
``maintainability''.
Implementing Unix permissions as a special subcase of NFSv4 ACL's is
good because it probably lets Windows clients make sense of the Unix
permissions better than Samba did? but it's a mistake to focus on
this one difficult case while disregarding the experiences of other
legacy clients, like for example on Linux if I mount something with
NFS **v3**, I get a bunch of + signs from GNU ls warning me there are
mysteryACL's (POSIX ones! more magical backgroudn translation!)
attached to every single file even though there aren't, and this
breaks a couple obscure scripts, like genkernel IIRC. The more
important downside though might be that it's led to a lot of fuzzy
compromises in the way people think about the whole disaster, and
probably will forever as long as new people keep showing up to the
party: much of the value of our legacy was pissed away through this
hubris.
pgpYqXMNictoq.pgp
Description: PGP signature
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
