1 |
On 11/06/18 09:54, Joerg Schilling wrote: |
2 |
> Wol's lists <antlists@××××××××××××.uk> wrote: |
3 |
> |
4 |
>> On 09/06/18 18:09, Rich Freeman wrote: |
5 |
> ... |
6 |
>>> downsides as well, in particular it is certainly more complex and at |
7 |
>>> work we practically forbid any kind of windows ACLs at anything other |
8 |
>>> than the top mount level because it is so hard to control. |
9 |
>> |
10 |
>> Windows is better than POSIX?! That doesn't say much for POSIX then, |
11 |
>> seeing as I feel Windows ACLs are overly complex and difficult! |
12 |
> |
13 |
> Well, "Windows ACLs" is the only ACL system that is standardized (as part of |
14 |
> the NFSv4 standard). The old proposal in POSIX.1e from 1993 from Sun has been |
15 |
> withdrawn in 1997 since the customers did not like it. |
16 |
> |
17 |
Ummm - just because it's standard doesn't mean it's any good :-) |
18 |
|
19 |
This version I'm talking about dates from about 1983. The company making |
20 |
it went bust in 1991. |
21 |
|
22 |
I've just had a quick look at the NFS v4 RFC, and almost the first thing |
23 |
I see is DENY entries. These ACLs don't have deny, because it's |
24 |
pointless. And DENY is exactly why I think Posix/Windows ACLs are |
25 |
confusing and hard to use. |
26 |
|
27 |
Cheers, |
28 |
Wol |