(Illustration by Gaich Muramatsu)
* Davor Ocelic <docelic_at_mail.inet.hr> wrote:

Hi,

> I find Unix permissions too restricted and getting messed up
> all the time when you try to do user magic with them.
>
> For system stuff, Unix permissions are ok, but for higher-level
> thinking and user convenience, ACLs in AFS or Coda style are great.

It always depends on what you're doing with the machines.

When I came to GNU/Linux about 12 years ago, I used to use Novell 4.x, which supported ACLs. Well, it required some rethinking and from a plain-user view it wasn't comfortable. But over the years I learned to like it, since it's simple and efficient - good for environments where comfortability is not required (i.e. webservers, really few users per system, ...).

The big problem is how to bring these two different concepts together.

Maybe it's good first to think about how we could (partially) simulate ACLs in the classical Unix permission system: each distinct ACL (in Novell words: trustee set) is represented by a group.

And now a different view: what does a Unix permission mean in ACL words? Well, each file has an ACL with the structure:

1. ownership: the one who's allowed to change the ACL
2. permissions for the one who owns the file
3. permissions for some group
4. permissions for the 'world' group (all users)

As long as we've got this structure (the admin will have to take care of that), we can easily map ACLs to Unix permissions and vice versa. Venus can maintain a table of mappings between local and Coda groups. So, for example, if I run chgrp on some file, it actually replaces the group in the 3rd trustee.

cu
--
---------------------------------------------------------------------
 Enrico Weigelt == metux IT service
 phone: +49 36207 519931    www: http://www.metux.de/
 fax: +49 36207 519932      email: contact_at_metux.de
 cellphone: +49 174 7066481
---------------------------------------------------------------------
 -- DSL from 0 euros. -- static IP -- UUCP -- Hosting -- Webshops --
---------------------------------------------------------------------

Received on 2007-02-27 08:52:01
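
The mapping described in the message above, as an added example that is not part of the original post or of Coda's code: a four-part ACL converted to Unix owner/group/mode and back, with chgrp replacing only the group entry. Rights written as subsets of "rwx", the `world` trustee name, and the `GROUP_MAP` table are assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: rights are subsets of "rwx" so they line up with Unix mode
# bits; real Coda/AFS rights are a different, larger set.
BITS = {"r": 4, "w": 2, "x": 1}
WORLD = "world"  # constructed name for the post's 'world' group
# Hypothetical local -> Coda group table, the kind the post assigns to Venus.
GROUP_MAP = {"staff": "coda:staff", "www": "coda:www"}

def to_bits(rights):
    return sum(BITS[c] for c in set(rights))

def to_rights(bits):
    return "".join(c for c in "rwx" if bits & BITS[c])

@dataclass
class Acl:
    owner: str      # part 1: who may change the ACL
    trustees: list  # parts 2-4: [(name, rights), ...]

def acl_to_unix(acl, group_map=GROUP_MAP):
    """Return (owner, local_group, mode); refuse ACLs outside the 4-part shape."""
    if len(acl.trustees) != 3:
        # Dropping an entry would hide who really has access, so fail loudly.
        raise ValueError("ACL does not have exactly owner/group/world entries")
    (user, u_rights), (group, g_rights), (world, w_rights) = acl.trustees
    if user != acl.owner or world != WORLD:
        raise ValueError("entries must be owner, one group, then world")
    local = {coda: name for name, coda in group_map.items()}
    if group not in local:
        raise ValueError(f"no local group mapped to {group!r}")
    mode = to_bits(u_rights) << 6 | to_bits(g_rights) << 3 | to_bits(w_rights)
    return acl.owner, local[group], mode

def unix_to_acl(owner, group, mode, group_map=GROUP_MAP):
    """Build the 4-part ACL from a Unix owner, local group and mode."""
    return Acl(owner, [(owner, to_rights(mode >> 6 & 7)),
                       (group_map[group], to_rights(mode >> 3 & 7)),
                       (WORLD, to_rights(mode & 7))])

def chgrp(acl, new_local_group, group_map=GROUP_MAP):
    """chgrp swaps only the group name in part 3; its rights stay as they were."""
    acl_to_unix(acl, group_map)  # validate the shape before touching it
    owner_entry, (_, g_rights), world_entry = acl.trustees
    return Acl(acl.owner, [owner_entry, (group_map[new_local_group], g_rights), world_entry])
```

An ACL with a second group or an extra user entry raises instead of being truncated, since a lossy conversion would report narrower access than the ACL actually grants.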