On Tue, 2022-01-04 at 12:03 -0500, Mike Gilbert wrote:
>
> I disagree with the claim that "most people" should disable ACL
> support at build time. That just gives you partially functional tools.
> The ACL behavior can generally be controlled using runtime options.

I understand why people would disagree in this case, but isn't that
an argument for having the flag?

There are plenty of great uses for ACLs, but unless you're extremely
knowledgeable, they also add a million new ways to compromise your
system. For example, if you untar a file with a default-ACL'd directory
in it and don't notice the little plus sign, you might wind up
unknowingly creating world-writable files. Even if you do notice the
ACL, you have to be an expert in the interaction between umask,
permission bits, the ACL mask, effective permissions, conflicting ACLs,
and all of the tools you're using to understand what will actually
happen or how to properly fix it. It's not something normal people can
handle.

If you don't need them for anything, it's just nice not to have to
worry about those issues.
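
The interaction between umask, a default ACL and the ACL mask mentioned in the message above, as an added example that is not part of the original message. It is a pure model of the Linux inheritance rules documented in acl(5); the function names, the `user:alice` entry and the sample ACLs are constructed for illustration.

```python
R, W, X = 4, 2, 1

def fmt(p):
    """Render a 3-bit permission value as 'rwx' style text."""
    return "".join(c if p & b else "-" for c, b in (("r", R), ("w", W), ("x", X)))

def new_file_perms(create_mode, umask, default_acl=None):
    """Effective permissions of a file created in a directory (model of acl(5)).

    create_mode: mode passed to open()/creat(), e.g. 0o666
    default_acl: the directory's default ACL as a dict, or None. Keys are
      "user::", "group::", "other::", optional "mask::", and named entries
      such as "user:alice".
    """
    u, g, o = (create_mode >> 6) & 7, (create_mode >> 3) & 7, create_mode & 7
    if default_acl is None:
        m = create_mode & ~umask          # no default ACL: umask applies
        return {"user::": (m >> 6) & 7, "group::": (m >> 3) & 7, "other::": m & 7}
    # Default ACL present: the umask is ignored. Inherited entries are only
    # limited by the create mode requested by the program.
    acl = dict(default_acl)
    acl["user::"] &= u
    acl["other::"] &= o
    if "mask::" in acl:
        acl["mask::"] &= g                # group bits of the mode hit the mask
    else:
        acl["group::"] &= g
    mask = acl.get("mask::", 7)
    # group:: and named entries are further limited by the mask.
    return {k: (p if k in ("user::", "other::", "mask::") else p & mask)
            for k, p in acl.items()}

def world_writable(perms):
    return bool(perms["other::"] & W)

# Constructed sample: a directory carrying default:other::rwx, as an
# extracted archive might.
OPEN_DEFAULT = {"user::": 7, "group::": 7, "other::": 7}
# Constructed sample: a named user entry plus mask.
NAMED_DEFAULT = {"user::": 7, "group::": 5, "other::": 0,
                 "mask::": 7, "user:alice": 7}

if __name__ == "__main__":
    for label, acl, um in (("no ACL, umask 022", None, 0o022),
                           ("default other::rwx, umask 022", OPEN_DEFAULT, 0o022),
                           ("named user, umask 077", NAMED_DEFAULT, 0o077)):
        perms = new_file_perms(0o666, um, acl)
        print(label, {k: fmt(v) for k, v in perms.items()},
              "WORLD-WRITABLE" if world_writable(perms) else "")
```
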