ACL lists (was Re: file attributes)

Paul Davey pd at x.co.uk
Thu Jun 27 21:06:37 AEST 1991


>>>>> On 24 Jun 91 10:28:05 GMT, gt0178a at prism.gatech.EDU (Jim Burns) said:

Jim> in article <BZS.91Jun22125410 at world.std.com>, bzs at world.std.com (Barry Shein) says:

Jim> I rather liked the IDEA of ACL lists, being first exposed (briefly) to
Jim> them in VMS. The one implementation of them I saw, tho', HP-UX 7.0's, had
Jim> a flaw that any time you use 'chmod', it wipes out the ACL list. Seems to
Jim> me that chmod should just change the base permissions in the ACL list, not
Jim> wipe them out. Chmod permissions and ACL permissions should be more
Jim> closely integrated, possibly wiping out conflicting ACL requirements, but
Jim> not wiping them out altogether. I hope this practice is NOT 'an accepted
Jim> way to meet standards', and not part of POSIX, etc. Any comments?

The best implementation I've seen of ACLs under Unix is in Apollo's
DomainOS (after SR10). Extended permissions could be masked out by a
chmod a-w, but the information was stored and could be recalculated
via an option to the `chacl' command. (There is also an `lsacl').

The ACL schemes I've seen in HP-UX and AIX do not seem as well designed
to me in both concept and ease of use.

The Apollo method also allowed keep and protect permission (required
by Aegis) to be specified for file objects, keep being the inability
to delete a file, protect being the right to change the permsisions.

The other major change was that Apollos have a super-group called
organisation, which is a level of grouping between group and world.
This was hidden from the unix tools, but visible via the ACLs.

Apollos pre SR10 Unix permissions (in Domain-IX were a scream however.
Unix mode was implemented in terms of ACLs in an ACL-cache which could
get corrupted with *bizzare* results. At SR10 key ACLs (basically
those synonymous with the unix permissions) were moved into the
equivalent of the inode (Domain file systems are distributed over all
Apollo nodes) , which can hold a pointer to a block of extended
(normal style) ACLs.

ACLs are very good for security (Unix permissions are too wide for the
higher orange book levels), but in my experience they are too much
trouble to administer on a day to day level for most files. They allow
very great control of permissions on specific files and users or
groups.




--
 Regards,			 pd at x.co.uk          IXI Limited
	Paul Davey		 pd at ixi.uucp         62-74 Burleigh St.
				 ...!uunet!ixi!pd    Cambridge  U.K.
 "These are interesting times"   +44 223 462 131     CB1  1OJ      
				 USA: 1 800 XDESK 57



More information about the Comp.unix.wizards mailing list