On Mon, Mar 12, 2001 at 12:08:49PM -0800, Simon J. Gerraty wrote:
> 
> I can't help feeling that ACL's are pointless if they can be by-passed
> so storing them in the FS and enforcing them in the kernel seem to me the
> only viable approach.  Using an FS overlay is fine though for developing
> the service.  As to the old fsck issue "don't do that" is probably the 
> right solution ;-)

Would you please explain to me why ACLs stored in the physical filesystem
and enforced in the kernel cannot be bypassed if ACLs stored in a
layered filesystem and enforced in the kernel can?

Oh -- do please keep in mind, while constructing your response, that if
you can unmount one filesystem, you can presumably unmount them all.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
    And now he couldn't remember when this passion had flown, leaving him so
  foolish and bewildered and astray: can any man?
						   William Styron