>>>>> "nw" == Nicolas Williams <nicolas.willi...@oracle.com> writes:
nw> I would think that 777 would invite chmods.  I think you are
nw> handwaving.

It is how AFS worked. Since no file on a normal unix box besides /tmp ever had 777 it would send a SIGWTF to any AFS-unaware graybeards that stumbled onto the directory, alerting them that they needed to go learn something and come back. I understand that everything:everyone on windows doesn't send SIGWTF, but 777 on unix for AFS sites it did.

You realize it's not hypothetical, right? AFS was actually implemented, widely, and there's experience with it.

If they failed to act on the SIGWTF, the overall system enforced the tighter of the unix permissions and the AFS ACL, so it fails closed. The current system fails open.

Also AFS did no translation between unix permissions and AFS ACL's so it was easy to undo such a mistake when it happened: double-check the AFS ACL is not too wide on the directories where you see unix people mucking around in case the muckers were responding to a real problem, then set the unix modes back to 777.

nw> When chmod()ing an object... ZFS would search for the most
nw> specific matching file in .zfs/ACLs/ and, if found, would
nw> replace the chmod()ed object's ACL with that of the
nw> .zfs/ACLs/... file found.  The .inherit suffix would indicate
nw> that if the chmod() target's parent directory has inheritable
nw> ACEs then they will be groupmasked and added to the ACEs from
nw> the .zfs/ACLs/... file to produce a final ACL.

This proposal, like the current situation, seems to make chmod configurable to act like ``not chmod'' which IMHO is exactly what's unpopular about the current regime. You've tried to leave chmod active on windows trees and guess at the intent of whoever invokes chmod, providing no warning that you're secretly doing ``approximately'' what he asked for rather than exactly. Maybe that flies on Windows, but on Unix people expect more precision: thorough abstractions that survive corner cases and have good exception handling.

The problem is not that Unix people refuse to learn about Windows permissions to accommodate windows, or that they are too stupid to understand the 'chmod A...' stuff in the manpage. They will learn if you ask them to learn. The problem is that you don't ask them. The repeated complaint is that when OTHER USERS hamfist a bunch of stuff with chmod:

 (1) they destroy the correct ACLs that were put on those files by people who do know wtf is going on. The ACL's are hard to get right, and there's no simple way for the people who understand ACL's to undo the damage caused by blind chmod'ing

 (2) it's insecure because it doesn't reliably implement the will of the unaware person invoking chmod and gives that person no warning.

AFS had neither problem, nor my proposal. NFSv4 as-built has both.
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss