hen...@acm.org said: > I've been surveying various forums looking for other places using ZFS ACL's > in production to compare notes and see how if at all they've handled some of > the issues we've found deploying them. > > So far, I haven't found anybody using them in any substantial way, let alone > trying to leverage them to allow a very large user population to have highly > flexible control over access to their data. > > Anyone here that has a non-negligible ACL deployment that would be interested > in discussing it?
We've been using them here for a couple of years now. Personally, I'd say if you set one ACL, you're already in "non-negligible" territory. It's not easy to get them right, and usually the hardest task is in figuring out what the users want, so we don't use them unless the users' needs cannot be met using traditional Unix/POSIX permissions. The only way we've been able to do this effectively is by scripting it so it's repeatable (and documented), and using inheritance to propagate them to any new items which are added to shared areas. The scripting also (sorta) covers the problem that most backup and file transfer utilities are not capable of backing up and restoring the NFSv4-style ACL's on ZFS. So, let the discussion ensue.... Regards, Marion _______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
