Mark Shellenbaum wrote: > Darren J Moffat wrote: >> Tim Haley wrote: >>> PROPOSED SOLUTION: >>> >>> Introduce a "passthrough-x" property value for the "aclinherit" >>> property. The ACE_EXECUTE permission will only be inherited for >>> ACEs that affect the mode (owner@, group@, and everyone@) if >>> an execute bit is set in the file creation mode. This behavior >>> is only for files, directories continue to inherit ACLs as >>> specified in PSARC/2008/231. >> >> Any reason to have another aclinherit value here rather than just >> redefining passthrough from 2008/231 to have the behaviour from this >> case ? Basically is there actually perceived benefit in having both >> passthrough and passthrough-x given all the other capabilities of ACL >> inheritance and the ability to control execution using the 'exec' >> property ? >> >> Has 2008/231 actually shipped in a patch (Solaris 10) update release? >> > > 2008/231 will be in s10u6 and there is an IDR out there already for > s10u5. Not sure if it ever became an official patch, though.
So basically past the point of no return :-) > Just seemed simpler to allow "passthrough" to remain as is for those who > always want to force the mode exactly as in the inherited ACEs, and > provide "passthrough-x" for those environments that want to optionally > inherit 'x' when necessary. Okay, I'm happy with that. -- Darren J Moffat
