On Tue, Sep 06, 2005 at 09:26:02AM -0700, Jason Thorpe wrote:
> 
> On Sep 6, 2005, at 4:48 AM, Pavel Cahyna wrote:
> 
> >On Mon, 05 Sep 2005 18:10:43 -0700, Jason Thorpe wrote:
> >
> >>No, it does not.  I would strongly DISCOURAGE adopting the ACL model
> >>used by FreeBSD.  The ACL model used in Mac OS X 10.4 is MUCH better.
> >
> >Why do you consider it better? It has more features, sure, but to  
> >me, it
> >seems to be too complicated to be practical.
> 
> Finer-grained control.  Also, the way it is implemented (the  
> infrastructure in the kernel / VFS layer for evaluating permissions)  
> is much nicer than the traditional BSD way.

I don't know anything about the implementation, but regarding the ACL
model, from my reading of the manual pages and my experience with NT, this
model still has the basic problem that inheritable permissions on
directories don't automatically propagate to contained subdirectories and
files. You have to reset inherited permissions on those subobjects
manually. Novell Netware ACLs don't suffer from this problem.

> >BTW I think you misspelled it - you wrote "Mac OS X", while you should
> >have written "NT" :-)
> 
> NT doesn't have an implementation we can draw useful ideas from :-)

Mac OS X that you cites isn't an implementation of NT ACL model? From my
experience with NT, those Mac OS X ACLs are exactly or almost identical to
it.

Bye	Pavel