inherit mode (was Where to submit patches?)

[Jeremy Allison]

Andy Bakun wrote:
> 
> When you say "per-directory" I assume that means you set "inherit mode" on the
> share, and then administrate the modes on the directories in the share
> individually.  I don't like the dot files idea either.

Yes. Dot files are a non-starter :-).

> I've gotten around the lack of inheriting permissions by forcing all my shares
> to 077x, and then defining groups composed of the people who can write to them,
> and using the setgid bit on the directories.  This gets extremely hairy
> maintaining all the groups -- thank god my user base is small.  It would be nice
> to have sub directories have permissions different than their parents, which as
> you know you can't currently do because you can only force modes on the entire
> share.  Obviously, it would not be good to use both inherit mode and force mode
> on the same share.

Now that brings up an interesting point. What should
the interaction between the two be ?

My gut feeling is to apply the permissions derived from "inherit"
first, instead of doing any ANDing with "create mask", then apply
any "force" modes. That way the force modes still don't cause any
suprises (ie. they still apply) and the "inherit" modes replace the
"create mask" AND process on directories with setgid and shares that
have "inherit" set ?

Comments ?

Jeremy.

-- 
--------------------------------------------------------
Buying an operating system without source is like buying
a self-assembly Space Shuttle with no instructions.
--------------------------------------------------------