[nfsv4] Windows/NFSv4 ACL interoperability
agy at netapp.com
Tue Mar 28 06:46:46 GMT 2006
I'd guess that these threads also prove that POSIX ACLs
are "not usable or easily understood even by people with
research degrees in computer science."
Your assertion regarding usable security--which I agree
with at the philosophical level--is tough to validate by
looking at market acceptance of the alternatives.
Alan G. Yoder agy at netapp.com
Network Appliance, Inc. 408-822-6919
> -----Original Message-----
> From: Jeremy Allison [mailto:jra at samba.org]
> Sent: Monday, March 27, 2006 5:44 PM
> To: J. Bruce Fields; Yoder, Alan; Gardere_Daniel at emc.com;
> samba-technical at lists.samba.org; nfsv4 at ietf.org;
> Roche_Francois at emc.com
> Subject: Re: [nfsv4] Windows/NFSv4 ACL interoperability
> On Mon, Mar 27, 2006 at 06:10:28PM -0600, Nicolas Williams wrote:
> > The Windows ordering is done in the GUI/libraries, not in the kernel.
> > Cygwin has exploited this in the past to emulate POSIX modes much as one
> > might use this to emulate POSIX Draft ACLs.
> > > So the problem is just with stuff like a posix user setting a bunch of
> > > long carefully crafted ACLs and then a Windows user not being able to
> > > read them and blowing them away in an attempt to modify them.
> > >
> > > To a certain extent that kind of problem may be unavoidable. But we may
> > > have some control over how common it is and how gracefully we fail.
> > I agree. The right solution is to move away from POSIX Draft ACLs.
> I disagree. POSIX draft ACLs are the right level of complexity for
> administrators to handle, and the Gnome and KDE GUIs are starting
> to be able to handle them. Windows ACLs are completely overdesigned
> and (as these threads adequately prove), not usable or easily
> understood even by people with research degrees in computer science.
> In terms of *usable* security (which IMHO is the only kind that matters
> in the real world) POSIX ACLs are far superior to Windows/NFSv4 ACLs.