ACL database

David Collier-Brown davecb at
Tue Mar 27 12:36:54 GMT 2001

Jeremy Allison wrote:
> > What is missed out on by using POSIX ACLs?
> POSIX ACLs only have rwx bits, not all the complex
> bits NT ACLs have. But very few people understand
> or use the complex bits in NT ACLs, so you won't
> be losing much.

	In fact, most people use only two ACLs
	of any sort:
		1) grant user X some permission (r, rw)
		2) deny user Y some permission (r)
	and the second is rare.

	In a customer site using acls heavily,
	we saw 99.999% grant, and ~.001 deny, and
	one acl entry that wasn't one of these two.

	My leaky brain says that was also true of Multics,
	except when setting up initial (default) ACLS
	on project directories: they you saw group
	acls being set to r or rw by sysadmins.

David Collier-Brown,           | Always do right. This will gratify 
Performance & Engineering Team | some people and astonish the rest.
Americas Customer Engineering  |                      -- Mark Twain
(905) 415-2849                 | davecb at

More information about the samba-technical mailing list