[OpenAFS] user-visible change suggestion for fs setacl
Felix Frank
Felix.Frank@Desy.de
Wed, 17 Dec 2008 10:02:21 +0100 (CET)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--579669762-87215780-1229504541=:15839
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by znsun1.ifh.de id mBH92LRY025356
On Wed, 17 Dec 2008, Erik Dal=E9n wrote:
> On Wed, Dec 17, 2008 at 03:09, Stephen Joyce <stephen@physics.unc.edu> =
wrote:
>> On Tue, 16 Dec 2008, Tom Maher wrote:
>>
>>> What's the semantics for negative ACLs? For example,
>>>
>>> fs sa . system:authuser rl
>>> fs sa . badguy +rl -negative
>>>
>>> I'm guessing that'll give badguy negative "rl" bits.
>>
>> Makes sense to me.
>>
>>> Should 'fs sa . badguy -rl' implicitly give him negative "rl" bits, i=
f
>>> he doesn't have anything already?
>>
>> That doesn't make sense to me. I'd suggest that -<perm> should never a=
dd
>> permissions, only remove. So it should just clear the perms if they're=
set
>> and do nothing if not. To add the negative flags, do what you suggeste=
d
>> above.
>>
>> My $0.02.
>
> Sounds very reasonable to me. My vote for implementing it like this.
Still doesn't feel devoid of ambiguity, though:
fs sa . user +rl -negative # sets negative bits
fs sa . user -rl -negative # takes away negative bits?
fs sa . user -rl # takes away both negative and positive bits?
# or positive only? what about neg. then?
To add more confusion, I find another model conceivable:
fs sa . user +a # always removes negative bit, adds positive bit
fs sa . user -a # always sets negative bit, removes positive bit
the drawbacks being painfully obvious.
In all, with ACLs having one degree of higher complexity than unix=20
permissions, there probably is no way to make this syntax 100% intuitivel=
y=20
akin to chmod's.
Thus, the original proposal to use postfix +/- might communicate the
distinction?
Regards
Felix
--579669762-87215780-1229504541=:15839--