Re: ACL ordering

From: Carl Beame (beame@eircom.net)
Date: 11/28/02-05:10:23 AM Z

• Next message: Yoder, Alan: "RE: ACL ordering"
• Previous message: Gordon Waidhofer: "RE: file_id"
• In reply to: Eric Sedlar: "ACL ordering"
• Next in thread: Eric Sedlar: "Re: ACL ordering"
• Reply: Eric Sedlar: "Re: ACL ordering"
• Reply: Nicolas Williams: "Re: ACL ordering"

From: Carl Beame <beame@eircom.net>
Subject: Re: ACL ordering
Message-Id: <2002Nov28.111026+0000@carl>
Date: 28 Nov 2002 11:10:23 +0000

On Thu Nov 28 00:30:51 2002, Eric Sedlar wrote:
> 
> Therefore, to really achieve Windows interoperability (let alone usability),
> protocols like NFSv4 should avoid allowing deny ACEs after any grant ACEs.  This
> also relaxes the requirement to maintain strict ACE ordering, since ordering is
> irrelevant when processing denies, and ordering is irrelevant when processing
> grants (other than as an optimization).  I didn't see anything in the spec about
> what order the inherited ACEs should be placed in (for example relative to a
> default ACL that might be defined on the server on a per-user basis), so making
> this ordering requirement clear simplifies the work.
> 

This is actually incorrect. The user interfaces which ship with Windows NT order
the ACEs in a specific order, but the ACL can be stored in an NTFS filesystem in
ANY order and are evaluated as is defined in the specification. It is easy
enough to write a GUI which allows you to order then any way you want.

- Carl

• Next message: Yoder, Alan: "RE: ACL ordering"
• Previous message: Gordon Waidhofer: "RE: file_id"
• In reply to: Eric Sedlar: "ACL ordering"
• Next in thread: Eric Sedlar: "Re: ACL ordering"
• Reply: Eric Sedlar: "Re: ACL ordering"
• Reply: Nicolas Williams: "Re: ACL ordering"

This archive was generated by hypermail 2.1.2 : 03/04/05-01:50:32 AM Z CST