[nfsv4] Windows/NFSv4 ACL interoperability
davec-b at rogers.com
Tue Mar 28 14:25:34 GMT 2006
I'd like to suggest that ACLs are presented so badly that
they make people's brains explode (;-))
Many moons ago, my boss had to re-explain Multics ACLs
to me repeatedly, until finally one of his explanations
"clicked", and I thought about them that way ever since,
and was able to (laboriously!) construct acl commands
for VMS, PCs, etc.
If they were presented cleanly (as seems to be the
case in Gnome) and on the command-line, it would be
    chmod u+x foo
might suggest that one could say
    chacl davecb+x foo
to put a specific ACL on foo for user davecb
which was the primary use of ACLs in practice
on both Multics and VMS.
Instead, we have
    setfacl -m u:davecb:rwx foo
and it appears from getfacl as if that did what I asked...
it didn't actually make foo executable.
So the goodness or badness of the design is inaccessible:
if you can't make it work, the design is irrelevant, or
perhaps by definition bad (;-))
If the Posix ACLs can be represented to humans in
a meaningful manner, I'd say to go with them.
Yoder, Alan wrote:
> I'd guess that these threads also prove that POSIX ACLs
> are "not usable or easily understood even by people with
> research degrees in computer science."
> Your assertion regarding usable security--which I agree
> with at the philosophical level--is tough to validate by
> looking at market acceptance of the alternatives.
> Alan G. Yoder agy at netapp.com
> Technical Staff
> Network Appliance, Inc. 408-822-6919
>>From: Jeremy Allison [mailto:jra at samba.org]
>>Sent: Monday, March 27, 2006 5:44 PM
>>To: J. Bruce Fields; Yoder, Alan; Gardere_Daniel at emc.com;
>>samba-technical at lists.samba.org; nfsv4 at ietf.org;
>>Roche_Francois at emc.com
>>Subject: Re: [nfsv4] Windows/NFSv4 ACL interoperability
>>On Mon, Mar 27, 2006 at 06:10:28PM -0600, Nicolas Williams wrote:
>>>The Windows ordering is done in the GUI/libraries, not in
>>>Cygwin has exploited this in the past to emulate POSIX modes much as one
>>>might use this to emulate POSIX Draft ACLs.
>>>>So the problem is just with stuff like a posix user setting a bunch of
>>>>long carefully crafted ACLs and then a Windows user not being able to
>>>>read them and blowing them away in an attempt to modify them.
>>>>To a certain extent that kind of problem may be unavoidable. But we may
>>>>have some control over how common it is and how gracefully we fail.
>>>I agree. The right solution is to move away from POSIX Draft ACLs.
>>I disagree. POSIX draft ACLs are the right level of complexity for
>>administrators to handle, and the Gnome and KDE GUIs are starting
>>to be able to handle them. Windows ACLs are completely overdesigned
>>and (as these threads adequately prove), not usable or easily understood
>>even by people with research degrees in computer science.
>>In terms of *usable* security (which IMHO is the only kind
>>in the real world) POSIX ACLs are far superior to Windows/NFSv4 ACLs.
David Collier-Brown, | Always do right. This will gratify
System Programmer and Author | some people and astonish the rest
davecb at spamcop.net | -- Mark Twain