On Fri, Mar 11, 2016 at 05:11:51PM +0100, Andreas Gruenbacher wrote: > > while breaking a lot of assumptions, > > The model is designed specifically to be compliant with the POSIX > permission model. What assumptions are you talking about?
People have long learned that we only have 'alloc' permissions. Any model that mixes allow and deny ACE is a mistake. > > especially by adding allow and deny ACE at the same time. > > I remember from past discussions that a permission model like the > POSIX ACL model that doesn't have DENY ACEs would be more to your > liking. This argument is dead from the start though: NFSv4 ACLs > without DENY ACEs cannot represent basic file permissions like 0604 > where the owning group has fewer permissions than others, for example > (see the richaclex(7) man page). We would end up with a permission > model that isn't even compatible with the traditional POSIX file > permission model, one which nobody else implements or cares about. So let's stick to the model that we already have.
