On Wed, Aug 21, 2002 at 08:33:24AM +0200, Lionel Elie Mamane wrote: > > Does this "version" of ACL's calm your fears of ACL's being > "unintuitive"?
I think Nowell Netware had even more intuitive ACLs (but hard for the OS). They were Supervisory, Read, Write, Create, Erase, Modify attributes, see the File, grant Access The rights were inherited. If you wanted people to see your directory you grant RF to everybody on that directory. You do not need to put any ACLs on its subdirs or files. In addition there was inheritance mask: you could restrict which rights are inherited at any place in the directory tree. If the OS wanted to know what is an user allowed to do to a file, it collected that user's name and group names. It started with the file and empty mask. For each of the names that appears in the file's ACL and does not yet have any associated permissions it associates any permission bits from the ACL that do not appear in mask with that name. Then it ors current mask with mask of the file and repeats with the file's parent, if any. Finally the rights are ORed. -- Michal Suchanek [EMAIL PROTECTED]