Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!uunet!mcsun!ukc!acorn!ixi!ixi!pd
From: pd@x.co.uk (Paul Davey)
Newsgroups: comp.unix.wizards
Subject: Re: ACL lists (was Re: file attributes)
Message-ID:
Date: 27 Jun 91 11:06:37 GMT
References: <31710@hydra.gatech.EDU>
Sender: paul@x.co.uk (Paul Davey)
Organization: IXI Ltd.
Lines: 53
In-Reply-To: gt0178a@prism.gatech.EDU's message of 24 Jun 91 10:28:05 GMT

>>>>> On 24 Jun 91 10:28:05 GMT, gt0178a@prism.gatech.EDU (Jim Burns) said:

Jim> in article , bzs@world.std.com (Barry Shein) says:

Jim> I rather liked the IDEA of ACL lists, being first exposed (briefly) to
Jim> them in VMS. The one implementation of them I saw, tho', HP-UX 7.0's, had
Jim> a flaw that any time you use 'chmod', it wipes out the ACL list. Seems to
Jim> me that chmod should just change the base permissions in the ACL list, not
Jim> wipe them out. Chmod permissions and ACL permissions should be more
Jim> closely integrated, possibly wiping out conflicting ACL requirements, but
Jim> not wiping them out altogether. I hope this practice is NOT 'an accepted
Jim> way to meet standards', and not part of POSIX, etc. Any comments?

The best implementation I've seen of ACLs under Unix is in Apollo's
DomainOS (after SR10). Extended permissions could be masked out by a
chmod a-w, but the information was stored and could be recalculated
via an option to the `chacl' command. (There is also an `lsacl').
The ACL schemes I've seen in HP-UX and AIX do not seem as well
designed to me in both concept and ease of use.

The Apollo method also allowed keep and protect permission (required
by Aegis) to be specified for file objects, keep being the inability
to delete a file, protect being the right to change the permissions.

The other major change was that Apollos have a super-group called
organisation, which is a level of grouping between group and world.
This was hidden from the unix tools, but visible via the ACLs.

Apollo's pre SR10 Unix permissions (in Domain-IX) were a scream
however. Unix mode was implemented in terms of ACLs in an ACL-cache
which could get corrupted with *bizarre* results. At SR10 key ACLs
(basically those synonymous with the unix permissions) were moved into
the equivalent of the inode (Domain file systems are distributed over
all Apollo nodes), which can hold a pointer to a block of extended
(normal style) ACLs.

ACLs are very good for security (Unix permissions are too wide for the
higher orange book levels), but in my experience they are too much
trouble to administer on a day to day level for most files. They allow
very great control of permissions on specific files and users or
groups.

--
Regards,                         pd@x.co.uk         IXI Limited
Paul Davey                       pd@ixi.uucp        62-74 Burleigh St.
                                 ...!uunet!ixi!pd   Cambridge U.K.
"These are interesting times"    +44 223 462 131    CB1 1OJ
                                 USA: 1 800 XDESK 57