From: Clem Cole
Date: Wed, 31 Jul 2019 15:01:30 -0400
To: Grant Taylor
Cc: TUHS main list
Subject: Re: [TUHS] Who's behind the UNIX filesystem permission implementation

On Wed, Jul 31, 2019 at 2:46 PM Grant Taylor via TUHS wrote:

> I thought that ACLs acted as additional gates / restriction points
> beyond what standard Unix file system permissions allowed.

It's really how strict you want to be in the definition of an ACL. UNIX uses the same basic/simple model but traditional UNIX style ACLs of 3 options of 3 modes are implemented are just more coarsely defined than say VMS or later NT or SELinux, uses for their file systems. It's arguable that the extra granularity of the others actually adds a great deal in actual day to day use cases.

At one time, I will admit that I had thought VMS style ACLs might be more helpful to UNIX and we added them to one of our file systems, but when I look back on 40 years of using anything beyond UNIX style ACLs it's been pretty rare when I actually needed much more (*i.e.* theory vs. practice).

The problem is the programming interface tends to get more difficult when you add some of the extra features. To me the brilliance to UNIX has always been getting down to a very simple interface that was "good enough" to get the *job done* and not so full of *extra stuff* that it gets in the way (which tends to be a complaint by way with Linux -- which does have a lot of new/rich features, but so full of so many different features these days you have to wonder is/was it worth it).

To me, it's arguable that ACLs beyond R/W/E and U/G/E is really needed in practice.

Clem