On 11/06/18 09:54, Joerg Schilling wrote: > Wol's lists <antli...@youngman.org.uk> wrote: > >> On 09/06/18 18:09, Rich Freeman wrote: > ... >>> downsides as well, in particular it is certainly more complex and at >>> work we practically forbid any kind of windows ACLs at anything other >>> than the top mount level because it is so hard to control. >> >> Windows is better than POSIX?! That doesn't say much for POSIX then, >> seeing as I feel Windows ACLs are overly complex and difficult! > > Well, "Windows ACLs" is the only ACL system that is standardized (as part of > the NFSv4 standard). The old proposal in POSIX.1e from 1993 from Sun has been > withdrawn in 1997 since the customers did not like it. > Ummm - just because it's standard doesn't mean it's any good :-)
This version I'm talking about dates from about 1983. The company making it went bust in 1991. I've just had a quick look at the NFS v4 RFC, and almost the first thing I see is DENY entries. These ACLs don't have deny, because it's pointless. And DENY is exactly why I think Posix/Windows ACLs are confusing and hard to use. Cheers, Wol