Re: Interaction between mode bits and acls

From: Jim Rees (rees@umich.edu)
Date: 04/10/02-03:37:24 PM Z

• Next message: Khan, Saadia: "RE: Interaction between mode bits and acls"
• Previous message: Taylor_Tad@emc.com: "RE: Speaking of ACLs"
• Next in thread: Khan, Saadia: "RE: Interaction between mode bits and acls"

Subject: Re: Interaction between mode bits and acls 
From: Jim Rees <rees@umich.edu>
Date: Wed, 10 Apr 2002 16:37:24 -0400
Message-Id: <20020410203724.7B095207C6@citi.umich.edu>

Think of mode bits as a very simple acl with three entries, one each for the
owner, a single group, and everyone else.  Each entry has three rights bits,
read, write/insert, and execute/lookup.  Mode bits are in the protocol as a
sort of backward compatibility hack.  They were used as a file protection
hint in older versions of nfs.

There is a fundamental conflict when you have both acls and mode bits.  I
have extensive experience with two systems that had both.  One of them
(Domain/OS) tried to map between them, and ended up being confusing and hard
to use.  The other (afs) ignored the mode bits and only used the acl, and
ended up being confusing and hard to use.  I think it's unfortunate that the
nfs v4 designers didn't learn from this experience and leave out the mode
bits, but I understand the constraints they were operating under.

• Next message: Khan, Saadia: "RE: Interaction between mode bits and acls"
• Previous message: Taylor_Tad@emc.com: "RE: Speaking of ACLs"
• Next in thread: Khan, Saadia: "RE: Interaction between mode bits and acls"

This archive was generated by hypermail 2.1.2 : 03/04/05-01:49:41 AM Z CST