It seems to me that ACLs could be implemented in the VFS layer, in a way very similar to the way quotas work. The ACL chains could be stored in a file in the root of the filesystem, analogous to quota.user, using a structure similar to the half-implemented ACLs in ext2fs from 2.1.132. The filesystem and vfs would have to have an ACL index field in their inodes, but little more. Does that make sense to anyone else? -- Martin Pool Our policy is, when in doubt, do the right thing. -- Roy L Ash