[linux-elitists] network filesystem (not Samba nor NFS)

Etienne Goyer etienne.goyer@linuxquebec.com
Wed Jun 16 09:17:16 PDT 2004


Academician Kula wrote:
> On Wed, Jun 16, 2004 at 10:58:55AM -0400, Etienne Goyer wrote:
> 
>>Academician Kula wrote:
>>
>>>Kerberos; it has a nice access control model (more advanced than
>>>the standard user, group and world). 
>>
>>Does it conform to POSIX ACL, or is it some other semantic ?
> 
> 
> Based at my brief glance of the 'POSIX' ACL stuff, it looks somewhat
> similar. 

Thanks for the explanation.  It seem very different from POSIX ACL. 
POSIX ACL are stored as extended filesystem attribute in a a specific 
namespace.  They can apply to either file or directory.  AFAIK, there is 
no limit on the number of ACL entry for a file/dir.  Basically, they 
specify rwx tuple for arbritary user/group outside of the standard ugo, 
and they can be specified for Unix groups (actually, that is what make 
sense to use them for).  Standardized command exist to consult or 
manipulate POSIX ACL (getfacl(1) and setfacl(1), at least on my Fedora 
box), and ls will show a '+' near the permission list to let you know 
this file/dir have ACL attached to it.

Also, the somewhat "exotic" permission set of AFS is a downside IMHO.  I 
think the rwx paradigm is much easier to grok for Unix-heads.  This is 
not unlike NTFS, where there are many "extended" permissions (can't 
recall the official nomenclature) like list file in dir, append-only, 
etc.  While more flexibility is always better, it is less orthogonal.

Thanks again.  I'll have to kick my butt someday, get serious with 
Kerberos and give a test-drive to that AFS thingy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040616/98d4d248/attachment.pgp 


More information about the linux-elitists mailing list