"Paul B. Henson" <hen...@acm.org> writes:

> On Tue, 2 Mar 2010, Kjetil Torgrim Homme wrote:
>
>> no. what happens when an NFS client without ACL support mounts your
>> filesystem? your security is blown wide open. the filemode should
>> reflect the *least* level of access. if the filemode on its own allows
>> more access, then you've lost.
>
> Say what?
>
> If you're using secure NFS, access control is handled on the server
> side. If an NFS client that doesn't support ACLs mounts the
> filesystem, it will have whatever access the user is supposed to have;
> the lack of ACL support on the client is immaterial.

this is true for AUTH_SYS, too, sorry about the bad example. but it
doesn't really affect my point. if you just consider the filemode to be
the lower bound for access rights, aclmode=passthrough will not give you
any nasty surprises regardless of what clients do, *and* an ACL-ignorant
client will get the behaviour it needs and wants. win-win!

>> if your ACLs are completely specified and give proper access on their
>> own, and you're using aclmode=passthrough, "chmod -R 000 /" will not
>> harm your system.
>
> Actually, it will destroy the three special ACEs, user@, group@, and
> every...@. On the other hand, with a hypothetical aclmode=ignore or
> aclmode=deny, such a chmod would indeed not harm the system.

you're not using those, are you? they are a direct mapping of the old
style permissions, so it would be pretty weird if they were allowed to
diverge.

>> if you have rogue processes doing "chmod a+rwx" or other nonsense, you
>> need to fix the rogue process, that's not an ACL problem or a problem
>> with traditional Unix permissions.
>
> What I have are processes that don't know about ACLs. Are they
> broken? Not in and of themselves, they are simply incompatible with a
> security model they are unaware of.

you made that model.

> Why on earth would I want to go and try to make every single
> application in the world ACL aware/compatible instead of simply having
> a filesystem which I can configure to ignore any attempt to manipulate
> legacy permissions?

you don't have to. just subscribe to the principle of least security,
and it just works.

>> not at all. you just have to use them correctly.
>
> I think we're just not on the same page on this; while I am not saying
> I'm on the right page, it does seem you need to do a little more
> reading up on how ACLs work.

nice insult.

--
Kjetil T. Homme
Redpill Linpro AS - Changing the game

zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
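The point the two of them are circling, whether a chmod under aclmode=passthrough only rewrites the three special entries (spelled owner@, group@ and everyone@ in ZFS) and leaves explicit user:/group: entries intact, can be made concrete with a small model. This is an added illustration written for this thread, not ZFS code or anything from the list: it reduces ACEs to allow entries with rwx bits, models only the discard and passthrough aclmodes, and uses a constructed scenario of a root-owned file with an explicit entry for a user named alice.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Ace:
    who: str    # "owner@", "group@", "everyone@", "user:NAME" or "group:NAME"
    perms: str  # subset of "rwx" that this entry allows (allow entries only)

# The three abstract entries that a chmod (re)generates from the file mode.
ABSTRACT = ("owner@", "group@", "everyone@")

def mode_to_aces(mode: int) -> list[Ace]:
    """Translate an octal mode such as 0o640 into owner@/group@/everyone@ entries."""
    def bits(triplet: int) -> str:
        return "".join(p for p, b in zip("rwx", (4, 2, 1)) if triplet & b)
    return [Ace(who, bits((mode >> shift) & 7))
            for who, shift in zip(ABSTRACT, (6, 3, 0))]

def chmod(acl: list[Ace], mode: int, aclmode: str) -> list[Ace]:
    """Apply chmod(mode) to an ACL under the given aclmode (simplified model)."""
    if aclmode == "discard":       # chmod throws the whole ACL away
        return mode_to_aces(mode)
    if aclmode == "passthrough":   # only the abstract entries are rewritten
        return [a for a in acl if a.who not in ABSTRACT] + mode_to_aces(mode)
    raise ValueError(f"unknown aclmode {aclmode!r}")

def allowed(acl: list[Ace], user: str, groups: set[str],
            owner: str, group: str, perm: str) -> bool:
    """NFSv4-style walk: the first entry matching the principal that mentions perm decides."""
    for a in acl:
        matches = ((a.who == "owner@" and user == owner)
                   or (a.who == "group@" and group in groups)
                   or a.who == "everyone@"
                   or a.who == f"user:{user}"
                   or (a.who.startswith("group:") and a.who[6:] in groups))
        if matches and perm in a.perms:
            return True
    return False

def alice_keeps_read_after_chmod_000(aclmode: str) -> bool:
    """Constructed scenario: file owned root:root, mode 0640, plus an explicit
    entry granting alice read. Does that explicit grant survive chmod 000?"""
    acl = [Ace("user:alice", "r")] + mode_to_aces(0o640)
    acl = chmod(acl, 0o000, aclmode)
    return allowed(acl, "alice", {"staff"}, "root", "root", "r")
```

Under passthrough the explicit entry survives and alice can still read; under discard the chmod removes it, which is the "nasty surprise" the filemode-as-lower-bound argument is meant to avoid.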