Andreas Barth <[EMAIL PROTECTED]> wrote: > On further consideration, I think a tiered setup would be fine: > 1. If there is an entry for some virtual directory in a central place, > this (and the associated ACLs) are used (one might consider how to > write such rules of course - it might be handy to be able to write > rules for [EMAIL PROTECTED] in the central place).
It is not quite clear what these ACLs are planned to be. > 2. If the subdirectory is not symlinked, the default access is the same > as of the parent directory; if it is symlinked, the default access is > none. The default can be overriden by ACLs (where the ACLs should be > able to be written for full groups) (one might consider to have > allowing/all ACLs to fullfill certain requirements, e.g. being owned > by the owner of the directory). > > Still open is IMHO how to actually access the files in any of the cases > - is it ok to say "you can read the files only if unix permissions _and_ > ACLs are ok"? I'd rather say "you can read the files only if unix permissions _and_ ACLs are ok, *and* namespace permissions allow you to access them". Regards, Sergey _______________________________________________ Bug-mailutils mailing list [email protected] http://lists.gnu.org/mailman/listinfo/bug-mailutils
