Subject: Re: fs acl's
To: None <>
From: Brett Lymn <>
List: current-users
Date: 01/28/1998 21:26:28
According to Dustin Sallings:
>> I hesitate to think what happens with ACLs and NFS!

The last time I looked on Solaris it just did not happen....

>	*sigh* The more I think about it, the less useful it seems, really.  If
>I add myself to one more group, my SunOS machine gets very mad at me.

Hmmm you should be able to work around that with group sticky bits on
the directories.

>  My CVS
>repository is on a NetBSD machine, and there are a couple of people who share
>it with me.  I guess I could gain just as much by moving it to a Solaris
>machine for the things I need.  It just seemed like a neat idea.

If it is going to be done then please make them the POSIX semantics.
The Sun Solaris ACL's are overridden by the umask whereas posix says
they should not be - we have been bitten by this at work.  Suns
response, bless them, was to say they would try to have the posix spec
changed to match their implementation :-(   Note that this was with
2.5, I am not sure about 2.6

IMHO ACL's can be a handy thing to have, they give you the ability to
control access in a much more finely grained manner than you can with
the current unix permissions.  There are hard limits on the number of
groups that a user can be in which can be inconvenient in a complex
environment - ACL's can address this.

Brett Lymn, Computer Systems Administrator, British Aerospace Australia
  +++ Divide By Cucumber Error.  Please Reinstall Universe And Reboot +++
  - Hogfather, Terry Pratchett.