[OpenAFS] user-visible change suggestion for fs setacl
Wed, 17 Dec 2008 10:02:21 +0100 (CET)
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
Content-Type: TEXT/PLAIN; charset=ISO-8859-1; format=flowed
X-MIME-Autoconverted: from 8bit to quoted-printable by znsun1.ifh.de id mBH92LRY025356
On Wed, 17 Dec 2008, Erik Dal=E9n wrote:
> On Wed, Dec 17, 2008 at 03:09, Stephen Joyce <firstname.lastname@example.org> =
>> On Tue, 16 Dec 2008, Tom Maher wrote:
>>> What's the semantics for negative ACLs? For example,
>>> fs sa . system:authuser rl
>>> fs sa . badguy +rl -negative
>>> I'm guessing that'll give badguy negative "rl" bits.
>> Makes sense to me.
>>> Should 'fs sa . badguy -rl' implicitly give him negative "rl" bits, i=
>>> he doesn't have anything already?
>> That doesn't make sense to me. I'd suggest that -<perm> should never a=
>> permissions, only remove. So it should just clear the perms if they're=
>> and do nothing if not. To add the negative flags, do what you suggeste=
>> My $0.02.
> Sounds very reasonable to me. My vote for implementing it like this.
Still doesn't feel devoid of ambiguity, though:
fs sa . user +rl -negative # sets negative bits
fs sa . user -rl -negative # takes away negative bits?
fs sa . user -rl # takes away both negative and positive bits?
# or positive only? what about neg. then?
To add more confusion, I find another model conceivable:
fs sa . user +a # always removes negative bit, adds positive bit
fs sa . user -a # always sets negative bit, removes positive bit
the drawbacks being painfully obvious.
In all, with ACLs having one degree of higher complexity than unix=20
permissions, there probably is no way to make this syntax 100% intuitivel=
akin to chmod's.
Thus, the original proposal to use postfix +/- might communicate the