I find myself agreeing with Paul on this one. We allow people to choose between filesystems, volume managers, password encryption algorithims, profiles, etc. Why not allow them to pick one file security model, another, or both?
Now, of course, the devil is in the details of implementation. Do we make it system wide (a la a setting in some file in /etc/security) or zpool of zfs dataset specific? I would think the most clean way would be to put it at the dataset level. fpsm On Tue, Mar 2, 2010 at 4:13 PM, Paul B. Henson <hen...@acm.org> wrote: > On Tue, 2 Mar 2010, Bill Sommerfeld wrote: > >> While we're designing on the fly: Another possibility would be to use an >> additional umask bit or two to influence the mode-bit - acl interaction. > > I've think trying to continue shoving a square page into a round hole is > simply the wrong thing to do; rather than trying to force together > different security models, allow an option getting rid of the security > model not desired, letting the other one "just work". > > > -- > Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ > Operating Systems and Network Analyst | hen...@csupomona.edu > California State Polytechnic University | Pomona CA 91768 > _______________________________________________ > zfs-discuss mailing list > zfs-discuss@opensolaris.org > http://mail.opensolaris.org/mailman/listinfo/zfs-discuss > _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
