On 02/26/10 10:45, Paul B. Henson wrote:
> I've already posited as to an approach that I think would make a pure-ACL
> deployment possible:
>
>
> http://mail.opensolaris.org/pipermail/zfs-discuss/2010-February/037206.html
>
> Via this concept or something else, there needs to be a way to configure
> ZFS to prevent the attempted manipulation of legacy permission mode bits
> from breaking the security policy of the ACL.
I believe this proposal is sound.
In it, you wrote:
> The feedback was that the internal Sun POSIX compliance police
> wouldn't like that ;).
There are already per-filesystem tunables for ZFS which allow the
system to escape the confines of POSIX (noatime, for one); I don't see
why a "chmod doesn't truncate acls" option couldn't join it so long as
it was off by default and left off while conformance tests were run.
- Bill
