[ ] Motorola Proprietary Confidential/IBM Confidential
[X] Internal Use Only
[ ] Unclassified
On Tue, 13 Apr 1993 22:41:03 -0500 (CDT) [EMAIL PROTECTED] wrote:
>: +Date: Tue, 13 Apr 1993 18:14:39 -0400 (EDT)
+From: [EMAIL PROTECTED]
+To: [EMAIL PROTECTED], [EMAIL PROTECTED]
+Subject: Re: PAG Instructions, Please
[EMAIL PROTECTED] (Randolph J. Herber, CD/DCD/SPG, x2966) writes:
+> Another thing I do not understand is why AFS did not implement full Unix
file
+> semantics and instead implemented ``ACL''s.
....
+In any case, the DCE DFS design includes much closer adherance to Unix
+mode bit semantics through the use of POSIX ACLs. Changing the mode
+bits changes the relevant part of the file ACL and vice-versa.
And, this is something to be thankful for.
Breaking nearly a quarter century of software is a serious matter.
This causes difficulties for the ``users'' also.
+> This makes AFS very unusable in
+> an UNIX environment.
+This is an interesting comment! AFS runs almost exclusively in the
+Unix environment -- certainly, the platforms supported by Transarc are
+all Unix-based. Yet, our list of AFS customers indicates that a large
+number of sites find AFS usable in those environments! It's true that
+some amount of code changes and quite a bit of user retraining are
+involved, but it would seem that many people still find AFS usable.
No! AFS runs in a AFS environment.
The UNIX operating system is a support environment for AFS;
not the converse.
When I can not run set-uid and set-gid programs in the form they
were developed, I feel something is broke.
When I can not run programs without making them also readable,
I feel something is broke.
I feel that the fact that ``quite a bit of user retraining''
is required shows that something is broke.
When AFS or its successor is as transparent to the user as
NFS is, then it will be repaired.
+Joe Jackson,
+AFS Product Support,
+Transarc Corp.
Randolph J. Herber, [EMAIL PROTECTED], +1 708 840 2966, CD/DCD/SPG
AFS does run in an AFS environment which actually has some decent security
built in to it. NFS and UNIX are poor when it comes to this. AFS cells
can be accessed from anywhere, much like NFS, but where NFS is woefully
insecure, AFS really shines. If security, response time and reliability are
not concerns then NFS is an acceptable option. Sure, you need to learn a
little in order to fully utilize AFS from a user point of view, but if your
administrators are knowledgeable, then they can present a very easy to use
directory structure that users will look at as an extension of
their own workstation. System:anyuser rl will provide access to anyone
for programs and other utilities.
By the way, we have numerous SUID and SGID programs that work just fine,
AFS provides an easy means for administrators to set this up. It is true
that only an administrator can setup SUID to root programs, but that is
the same way that UNIX does it, only root can have an SUID program owned
by root, and AFS also follows this security measure.
I for one am very glad that AFS is so different from NFS. But the
differences that I have seen are mostly from the Admin side. ACLs are
also used on many UNIX platforms, but most users do not use them.
Thanks
*-----------------------------------------------------------------*
| Allen Hebert | |
| | [EMAIL PROTECTED] |
| Smiley Face Below: | (Somerset Local E-mail) |
| { :-) Marge Simpson | [EMAIL PROTECTED] |
| (512) 795-7306 | (Internet E-mail) |
| Systems/Network Engineering | |
*-----------------------------------------------------------------*
