Newsgroups: comp.sys.apollo
Path: utzoo!utgpu!news-server.csri.toronto.edu!helios.physics.utoronto.ca!alchemy.chem.utoronto.ca!system
From: system@alchemy.chem.utoronto.ca (System Admin (Mike Peterson))
Subject: Re: APR's in general (long)
Message-ID: <1991Jan30.183720.16113@alchemy.chem.utoronto.ca>
Organization: University of Toronto Chemistry Department
References: <9101281715.AA16081@hwcae.cfsat.honeywell.com> <1991Jan28.190504.28488@alchemy.chem.utoronto.ca> <4f80225e.1bc5b@pisa.ifs.umich.edu>
Date: Wed, 30 Jan 1991 18:37:20 GMT

In article <4f80225e.1bc5b@pisa.ifs.umich.edu> rees@citi.umich.edu (Jim Rees) writes:
>In article <1991Jan28.190504.28488@alchemy.chem.utoronto.ca>, system@alchemy.chem.utoronto.ca (System Admin (Mike Peterson)) writes:
>
>  I agree completely - "use Aegis" should never be offered by Apollo
>  as a response, and certainly should not be accepted by a user.
>
>Hey, wait a minute -- this problem resulted precisely because the user DID
>use Aegis, and set a non-bsd acl on a directory.

Not necessarily - you can (and we do) set any ACL's on any object using just
tools provided in BSD environments (chacl to be specific). The problem
was that cp does not copy some ACL's properly. If Apollo is going to modify
the UNIX protection scheme, they must then ensure that all the UNIX tools
that manipulate them also work properly.

I agree that if you stick with standard BSD ACL's, the problems are
minimized. I would love to be able to ignore ACL's completely,
but if you set BSD ACL's on /sys, I doubt that your node would boot
properly, and many NCS/Aegis-related things won't work any more (I did
this once by accident by doing 'chacl -R -B' when I was in /).
-- 
Mike Peterson, System Administrator, U/Toronto Department of Chemistry
E-mail: system@alchemy.chem.utoronto.ca
Tel: (416) 978-7094                  Fax: (416) 978-8775