On 2/10/2010 9:36 PM, Jason King wrote:
<rant type="mini"> My experience (perhaps others will have different experiences) is that due to the added complexity and administrative overhead, ACLs are used when it's absolutely necessary -- i.e. you have something that due to it's nature must have very explicit and precise access control. Things like payroll, financial, or other HR data for example. The last thing I want is the system going behind my back and silently modifying the permissions I'm trying to set, and leaving directories and files with permissions other than what was set (which is what you get today with the defaults). While testing of course will reveal when this is an issue, it increases the probability of sensitive data being incorrectly disclosed, which is why I think it's a horrible default. </rant>
My experience with ACLs is that they suck dead diseased rats through a straw and I wish I could turn them off. So far as I can see, they cause endless confusion, make things not work right, break all the basic expectations about how protections work, and don't actually give me any functionally important benefits (they let me use fewer directories sometimes, but only at the cost of grotesque confusion).
What I would dearly love is an option to disable all ACL suppport. -- David Dyer-Bennet, d...@dd-b.net; http://dd-b.net/ Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/ Photos: http://dd-b.net/photography/gallery/ Dragaera: http://dragaera.info _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
