Sorry sir, but technically it is the sgid bit that is a gross hack.
The Posix draft for ACLs never got final approval, but it is pretty
standardized across most OSs, and works fine for any Linux OS that isn;t
on ancient kernels. It is also enabled by default on all file systems
that matter normally.
I agree with you that the sgid bit is a big hack here and that default ACL
rules are much more flexible in general.
Frankly speaking, I do not care too much if it is cool or not. What I do care about, is a real cross-platform compatibility necessary for
commercial production usage.
Posix-draft ACLs never got any final approval and are compatible across most of Linuxes (Windows uses something completely different and
SunOS with its zfs filesystem, too). Moreover, there is NFSv4 which also comes with something different as you know and appliances like
Netapp NAS does _only_ support NFSv4 ACL semantics.
Rich-ACL, while cool and necessary for NFS ACL and better Windows ACL
compatibility will also be much more complex than Posix ACLs, and does
not add anything special for the default ACL use case.
So whereas Posix ACLs might be perfect solution for most users/admins, future is somewhere else. I do not want to start any flame here, I
just want a simple thing, I want to use ACLs which are robust enough to be really cross-platform compatible and widely supported so I know I
they will be supported even in 5-10 years.
Freeipa-users mailing list