[nfsv4] Windows/NFSv4 ACL interoperability
Jeremy Allison
jra at samba.org
Tue Mar 28 14:51:15 GMT 2006
On Mon, Mar 27, 2006 at 10:46:46PM -0800, Yoder, Alan wrote:
> I'd guess that these threads also prove that POSIX ACLs
> are "not usable or easily understood even by people with
> research degrees in computer science."
The problems we're having here are mapping between an
understandable ACL model (POSIX) to one no one fully
understands. I don't see any real questions as to how
the POSIX model works.
> Your assertion regarding usable security--which I agree
> with at the philosophical level--is tough to validate by
> looking at market acceptance of the alternatives.
Then why isn't NetApp running Microsoft Server Applience
kit ? Honestly, there are better reasons than "might makes
right". Most Windows environments I've seen make a group
owner of an area of a fileshare and completely delegate
the ACL administration to the group owning that region
of the filesystem. That's something we could (and Samba
has) learned from. But suggesting that Windows admins
understand how this ACL model interacts because it's
popular is false logic. It's popular because it's bundled
with a monopoly. That tends to skew the acceptance numbers
somewhat.
Jeremy.
More information about the samba-technical
mailing list