Date: Thu, 07 Aug 2003 09:02:31 -0300 From: "Daniel C. Sobral" <dcs@tcoip.com.br> To: Terry Lambert <tlambert2@mindspring.com> Cc: current@freebsd.org Subject: Re: ACLS on UFS2 from FreeBSD 5.1-RELEASE install. Message-ID: <3F323FD7.6090903@tcoip.com.br> In-Reply-To: <3F31E42E.87379C0A@mindspring.com> References: <1059854534.46751.0.camel@acheron.livid.de> <3F311492.9080309@tcoip.com.br> <3F31E42E.87379C0A@mindspring.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Terry Lambert wrote:
> "Daniel C. Sobral" wrote:
>
>>Scott M. Likens wrote:
>>
>>>Has anyone noticed the ACLS being disabled?
>>>
>>>tunefs -p /dev/da1s1c shows that ACLS are disabled on every partition I
>>>have, i've gone through them all.
>>>
>>>any reason why?
>>
>>ACL is not the standard unix permission. Why enable something most
>>people don't even know is there?
>
>
> Have you ever had the need to put someone in more than 16 inclusion
> or exclusion groups simultaneously, and run out of groups that could
> simultaneously be associated with a given credential?
Yes, that's why I enabled ACL here. Alas, I know FreeBSD supports ACL,
and I know what semantics are used, so I'm not likely to be caught
unaware by something I don't even know it's there.
You'll also notice I'm not questioning the _existence_ of ACL. My point
is that FreeBSD is Unix (no matter what the lawyers say), and people
don't usually think of ACL when they think of Unix. Ergo, enabling ACL
by defautl violates POLA.
And, in FreeBSD, POLA is king.
(Or so we used to believe, no matter what we actually did. :)
--
Daniel C. Sobral (8-DCS)
Gerencia de Operacoes
Divisao de Comunicacao de Dados
Coordenacao de Seguranca
VIVO Centro Oeste Norte
Fones: 55-61-313-7654/Cel: 55-61-9618-0904
E-mail: Daniel.Capo@tco.net.br
Daniel.Sobral@tcoip.com.br
dcs@tcoip.com.br
Outros:
dcs@newsguy.com
dcs@freebsd.org
capo@notorious.bsdconspiracy.net
"But I don't like Spam!!!!"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3F323FD7.6090903>