Subject: Re: ACL stuff
To: John F. Woods <>
From: Aleksi Suhonen <>
List: current-users
Date: 04/20/1995 22:34:06
In message  "John F. Woods" told

}-> What needs to be considered carefully is in which order and with what
}-> hierarchy does the ACL have wrt owner/group/other permissions ?

}-I think what makes the most sense is for the ACL to be inspected only if the
}-traditional mode word is 0 (modulo setXid bits).  The ACL system then has to
}-be flexible enough to easily implement "rwxrwxrwx except for barney, who gets
}-nothing", which would be the kind of thing you'd like to have ACLs interact
}-with the traditional mechanism for.

}-A slightly less extreme view might be to check the ACL system if the 3 bits
}-corresponding to your access to a file are zero, so that "rwxrwx--- + ACL"
}-could efficiently give permission to owner, group, and a handful of others.

I think that we should be able to do away with the traditional rwxrwxrwx
completely, because we can do the same (and so much more) with ACLs ...
the first two ACLs for a file (using HP-UX notation, since I personally
haven't seen ACLs anywhere else) would be owner.%+rwx and %.%+rwx. The
third might be %.(owner's group)+rwx ... And the rest would be "normal"
ACLs ...

	Aleksi Suhonen
(So far the best implementation idea IMESHO has been to add an optional
pointer to another inode that contains the ACLs for the inode (the pointer
is in ...))