>>>>> "nw" == Nicolas Williams <nicolas.willi...@oracle.com> writes:
nw> Keep in mind that Windows lacks a mode_t. We need to interop
nw> with Windows. If a Windows user cannot completely change file
nw> perms because there's a mode_t completely out of their
nw> reach... they'll be frustrated.
well...AIUI this already works very badly, so keep that in mind, too.
In AFS this is handled by most files having 777, and we could do the
same if we had an AND-based system. This is both less frustrating and
more self-documenting than the current system.
In an AND-based system, some unix users will be able to edit the
windows permissions with 'chmod A...'. In shops using older unixes
where users can only set mode bits, the rule becomes ``enforced
permissions are the lesser of what Unix people and Windows people
apply.'' This rule is easy to understand, not frustrating, and
readily encourages ad-hoc cooperation (``can you please set
everything-everyone on your subtree? we'll handle it in unix.'' /
``can you please set 777 on your subtree? or 770 group windows? we
want to add windows silly-sid-permissions.''). This is a big step
better than existing systems with subtrees where Unix and Windows
users are forced to cooperate.
It would certainly work much better than the current system, where you
look at your permissions and don't have any idea whether you've got
more, less, or exactly the same permission as what your software is
telling you: the crappy autotranslation teaches users that all bets
are off.
It would be nice if, under my proposal, we could delete the unix
tagspace entirely:
chpacl '(unix)' chmod -R A- .
but unfortunately, deletion of ACL's is special-cased by Solaris's
chmod to ``rewrite ACL's that match the UNIX permissions bits,'' so it
would probably have to stay special-cased in a tagspace system.
pgpzWtQEMyslr.pgp
Description: PGP signature
_______________________________________________ zfs-discuss mailing list zfs-discuss@opensolaris.org http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
