| 1 |
On Tue, 2022-01-04 at 12:03 -0500, Mike Gilbert wrote: |
| 2 |
> |
| 3 |
> I disagree with the claim that "most people" should disable ACL |
| 4 |
> support at build time. That just gives you partially functional tools. |
| 5 |
> The ACL behavior can generally be controlled using runtime options. |
| 6 |
|
| 7 |
I understand why people would disagree in this case, but isn't that a |
| 8 |
an argument for having the flag? |
| 9 |
|
| 10 |
There are plenty of great uses for ACLs, but unless you're extremely |
| 11 |
knowledgeable, they also add a million new ways to compromise your |
| 12 |
system. For example, if you untar a file with a default-ACL'd directory |
| 13 |
in it and don't notice the little plus sign, you might wind up |
| 14 |
unknowingly creating world-writable files. Even if you do notice the |
| 15 |
ACL, you have to be an expert in the interaction between umask, |
| 16 |
permission bits, the ACL mask, effective permissions, conflicting ACLs, |
| 17 |
and all of the tools you're using to understand what will actually |
| 18 |
happen or how to properly fix it. It's not something normal people can |
| 19 |
handle. |
| 20 |
|
| 21 |
If you don't need them for anything, it's just nice not to have to |
| 22 |
worry about those issues. |
Archives