On 12/8/07, Jean-Pierre ANDRE <[EMAIL PROTECTED]> wrote:
> >
> > I am curious why the mapping is not done using POSIX ACLs, so that
> > getfacl and setfacl will be enabled to manage the ntfs ACLs.
>
> Well, the objective was to provide the "rwx" functionality, using the NTFS
> ACLs. This is difficult because the underlying concepts are not the same.
> Trying to use an inner layer relying on another set of concepts would add
> up to the complexity.
>
> Just for an example. You want to provide protection modes such as 0422 (or
> "r---w--w-"), typically for a user to collect some logs he/she wants to be
> sure not to spoil. To do that you have to grant a write ACE to world, which
> would enable the user to write to the file, so you have to put another ACE to
> deny writing to the owner. The problem is (as far as I know) there is no
> "deny ACE" in Posix...

cygwin already solved this. If you take the cygwin example of POSIX ACL
mapping to Windows ACL, you get *A* solution... I mean one of many, but it
works. So it can be done... And it is much better than just setting the
primary mode, as it supports inheritance, multiple entries etc...

> > Also, I think an option should be given so that the UserMapping file
> > may be specified at mount time. something like mount -t ntfs-3g -o
> > usermapping=<file> ...
>
> This is simple... and complicated. Your file might not reside on the
> same device, and you end up having to schedule the mounting sequence.

This is exactly what I wish... I want the mapping to exist on the system
I mount the filesystem into.

> Above all, there is a security concern if access to UserMapping is less
> secure than any data on the device. Any user could build an adequate
> UserMapping to read or destroy anything on the device... (Using plain
> ntfs-3g would be even easier, but that is another point).

There is no security concern, as I can do whatever I like with this
filesystem anyway.

> > Finally I want to ask regarding the mandatory label of vista, will it
> > be supported?
> > http://msdn2.microsoft.com/en-us/library/aa965848.aspx
> > I guess a special utility should be written for this, as, as far as I
> > know, POSIX ACL does not support extensions (named attributes).
>
>
> I have not investigated much about requirements related to Vista,
> and I have no access to Vista myself.
>
> In what situations should this be needed ?

If you enable ACL management, it is best to support all features...
For example, disk recovery, backup...

Best Regards,
Alon Bar-Lev.
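
The 0422 case quoted in this thread, worked through as an added example (it is not code from the thread or from ntfs-3g). It assumes a simplified mode-to-ACE mapping and a Windows-style ordered ACE evaluation; the names `alice`, `bob`, `carol` and `staff` are constructed for the illustration.

```python
R, W, X = 4, 2, 1
EVERYONE = "Everyone"  # stands in for the Windows world SID

def mode_to_acl(mode, owner, group, with_deny=True):
    """Ordered (kind, trustee, mask) ACEs for a POSIX mode (simplified mapping)."""
    o, g, w = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    acl = []
    # Owner is also covered by the group/world grants, so deny what "o" lacks.
    if with_deny and (g | w) & ~o & 7:
        acl.append(("deny", owner, (g | w) & ~o & 7))
    acl.append(("allow", owner, o))
    # Group members are also covered by the world grant.
    if with_deny and w & ~g & 7:
        acl.append(("deny", group, w & ~g & 7))
    acl.append(("allow", group, g))
    acl.append(("allow", EVERYONE, w))
    return acl

def access_check(acl, user, groups, wanted):
    """Walk ACEs in order; the first ACE that settles a requested bit wins."""
    sids = {user, EVERYONE, *groups}
    remaining = wanted
    for kind, trustee, mask in acl:
        if trustee not in sids:
            continue
        if kind == "deny" and mask & remaining:
            return False
        if kind == "allow":
            remaining &= ~mask
        if remaining == 0:
            return True
    return False

def posix_check(mode, owner, group, user, groups, wanted):
    """Classic rwx check: exactly one of the three classes applies."""
    if user == owner:
        bits = (mode >> 6) & 7
    elif group in groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return bits & wanted == wanted

USERS = {"alice": {"staff"}, "bob": {"staff"}, "carol": set()}  # constructed

def mismatches(mode, with_deny, owner="alice", group="staff"):
    """(user, bit) pairs where the ACL decision differs from the rwx decision."""
    acl = mode_to_acl(mode, owner, group, with_deny)
    return [(u, b) for u, gs in USERS.items() for b in (R, W, X)
            if access_check(acl, u, gs, b) != posix_check(mode, owner, group, u, gs, b)]
```

With allow ACEs only, the owner inherits the world write grant; the deny ACE placed first is what restores the "r--" owner class.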
