Subject: Re: ACL
To: Lord Isildur <mrfusion@umbar.vaxpower.org>
From: Rick Kelly <rmk@toad.rmkhome.com>
List: tech-kern
Date: 04/03/2001 21:58:27
Lord Isildur said:
>Another issue is, do we need file-level ACLs? Would directory-granularity
>ACLs (a la AFS) meet most people's requirements?
>
>or, have we already decided this issue in the previous round of intense ACL
>debate a couple weeks ago?..
Separate file systems.
Check out this snippet from sys/acl.h on Solaris 2.6:
    #define MAX_ACL_ENTRIES (1024)  /* max entries of each type */

    typedef struct acl {
            int       a_type;   /* the type of ACL entry */
            uid_t     a_id;     /* the entry in -uid or gid */
            o_mode_t  a_perm;   /* the permission field */
    } aclent_t;

    #define USER_OBJ     (0x01)    /* object owner */
    #define USER         (0x02)    /* additional users */
    #define GROUP_OBJ    (0x04)    /* owning group of the object */
    #define GROUP        (0x08)    /* additional groups */
    #define CLASS_OBJ    (0x10)    /* file group class and mask entry */
    #define OTHER_OBJ    (0x20)    /* other entry for the object */
    #define ACL_DEFAULT  (0x1000)  /* default flag */

    /* default object owner */
    #define DEF_USER_OBJ   (ACL_DEFAULT | USER_OBJ)
    /* default additional users */
    #define DEF_USER       (ACL_DEFAULT | USER)
    /* default owning group */
    #define DEF_GROUP_OBJ  (ACL_DEFAULT | GROUP_OBJ)
    /* default additional groups */
    #define DEF_GROUP      (ACL_DEFAULT | GROUP)
    /* default mask entry */
    #define DEF_CLASS_OBJ  (ACL_DEFAULT | CLASS_OBJ)
    /* default other entry */
    #define DEF_OTHER_OBJ  (ACL_DEFAULT | OTHER_OBJ)
Can you say "can of worms"?
--
Rick Kelly rmk@rmkhome.com www.rmkhome.com
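
The following is an added example, not part of the original message or of the Solaris sources: a sketch of how the entry types in the quoted header combine into one access decision, following the evaluation order of the POSIX.1e draft ACL model. The sample ACL, the function name acl_effective, its owner/group parameters and the portable stand-in types are assumptions, as is the simplification that all matching group entries are unioned before the mask is applied.

```c
#include <stdio.h>

/* Layout and type values from the header excerpt quoted above; unsigned
 * stands in for uid_t and o_mode_t so this builds off Solaris (assumption). */
typedef struct acl { int a_type; unsigned a_id; unsigned a_perm; } aclent_t;
#define USER_OBJ    0x01
#define USER        0x02
#define GROUP_OBJ   0x04
#define GROUP       0x08
#define CLASS_OBJ   0x10
#define OTHER_OBJ   0x20
#define ACL_DEFAULT 0x1000

/* Constructed sample: file owned by uid 100, gid 20; rwx in bits 0-2. */
const aclent_t sample_acl[] = {
    { USER_OBJ, 0, 7 }, { USER, 200, 7 }, { GROUP_OBJ, 0, 5 },
    { GROUP, 30, 6 },   { CLASS_OBJ, 0, 4 }, { OTHER_OBJ, 0, 0 },
    { ACL_DEFAULT | USER, 300, 7 },   /* default entry: template only */
};
#define SAMPLE_N (sizeof sample_acl / sizeof sample_acl[0])

/* rwx bits the access entries grant to (uid, gid). owner/group are the
 * file's owning ids, passed in separately (hypothetical parameters). */
unsigned acl_effective(const aclent_t *acl, size_t n, unsigned owner,
                       unsigned group, unsigned uid, unsigned gid)
{
    unsigned mask = 07, user_obj = 0, other = 0, named = 0, grp = 0;
    int user_hit = 0, grp_hit = 0;
    for (size_t i = 0; i < n; i++) {
        const aclent_t *e = &acl[i];
        if (e->a_type & ACL_DEFAULT) continue;  /* not used for access */
        switch (e->a_type) {
        case USER_OBJ:  user_obj = e->a_perm; break;
        case OTHER_OBJ: other = e->a_perm; break;
        case CLASS_OBJ: mask = e->a_perm; break;
        case USER:      if (e->a_id == uid) { named = e->a_perm; user_hit = 1; } break;
        case GROUP_OBJ: if (gid == group) { grp |= e->a_perm; grp_hit = 1; } break;
        case GROUP:     if (e->a_id == gid) { grp |= e->a_perm; grp_hit = 1; } break;
        }
    }
    if (uid == owner) return user_obj & 07;   /* owner is never masked */
    if (user_hit) return named & mask & 07;   /* named user: masked */
    if (grp_hit) return grp & mask & 07;      /* any group match: masked */
    return other & 07;
}

int main(void) {
    printf("uid 200: %o\n", acl_effective(sample_acl, SAMPLE_N, 100, 20, 200, 99));
    return 0;
}
```

In the sample, uid 200 holds an rwx entry but ends up with read-only access because of the CLASS_OBJ mask, and uid 300 gets nothing from its default entry.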