[linux-elitists] network filesystem (not Samba nor NFS)
Wed Jun 16 09:17:16 PDT 2004
Academician Kula wrote:
> On Wed, Jun 16, 2004 at 10:58:55AM -0400, Etienne Goyer wrote:
>>Academician Kula wrote:
>>>Kerberos; it has a nice access control model (more advanced than
>>>the standard user, group and world).
>>Does it conform to POSIX ACL, or is it some other semantic ?
> Based at my brief glance of the 'POSIX' ACL stuff, it looks somewhat
Thanks for the explanation. It seem very different from POSIX ACL.
POSIX ACL are stored as extended filesystem attribute in a a specific
namespace. They can apply to either file or directory. AFAIK, there is
no limit on the number of ACL entry for a file/dir. Basically, they
specify rwx tuple for arbritary user/group outside of the standard ugo,
and they can be specified for Unix groups (actually, that is what make
sense to use them for). Standardized command exist to consult or
manipulate POSIX ACL (getfacl(1) and setfacl(1), at least on my Fedora
box), and ls will show a '+' near the permission list to let you know
this file/dir have ACL attached to it.
Also, the somewhat "exotic" permission set of AFS is a downside IMHO. I
think the rwx paradigm is much easier to grok for Unix-heads. This is
not unlike NTFS, where there are many "extended" permissions (can't
recall the official nomenclature) like list file in dir, append-only,
etc. While more flexibility is always better, it is less orthogonal.
Thanks again. I'll have to kick my butt someday, get serious with
Kerberos and give a test-drive to that AFS thingy.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20040616/98d4d248/attachment.pgp
More information about the linux-elitists