On Tue, 2022-01-04 at 12:03 -0500, Mike Gilbert wrote: > > I disagree with the claim that "most people" should disable ACL > support at build time. That just gives you partially functional tools. > The ACL behavior can generally be controlled using runtime options.
I understand why people would disagree in this case, but isn't that a an argument for having the flag? There are plenty of great uses for ACLs, but unless you're extremely knowledgeable, they also add a million new ways to compromise your system. For example, if you untar a file with a default-ACL'd directory in it and don't notice the little plus sign, you might wind up unknowingly creating world-writable files. Even if you do notice the ACL, you have to be an expert in the interaction between umask, permission bits, the ACL mask, effective permissions, conflicting ACLs, and all of the tools you're using to understand what will actually happen or how to properly fix it. It's not something normal people can handle. If you don't need them for anything, it's just nice not to have to worry about those issues.
