[ACL-Devel] Re: OT: ACLs for Linux

Linda Walsh law@sgi.com
Mon, 10 Apr 2000 10:46:45 -0700 

Andreas Gruenbacher wrote:
> This is an important design decision. It seems there are two philosophies here.
> One is to store arbitrary metadata for files (Irix filesystem). ACLs and other
> metadata are then allocated per file. The other approach is to allocate space
> for ACLs like I'm currently doing. From my understanding this is similar to
> Solaris ACLs.
---
	Oh, and BTW, my manager wrote the code for trusted solaris, so he knows
the background very thoroughly -- that's why the IRIX system is more flexible --
it's a "learn from the mistakes of the past"/2nd generation type effect.

	For example -- customers wanted finer granularity in auditing and/or to
define different groups than the 10 or so that solaris pre-defined.  So in IRIX,
an audit-mask allows selection of any of 110 or so events.  That doesn't mean
an audit-interface couldn't great the same groupings on top of those events --
just that they don't have to stick with those events.

	Right now, over on the linuxBSM project, their focus on auditing is
for Solaris compatibility so that Solaris-based audit processing tools can
be used.  Unfortunately, that doesn't help the open-source community, since
proprietary (Solaris) tools are then needed to process the data.  When I pointed out that
this really wasn't of great benefit to the Linux community unless they were planning
on creating those audit tools for Linux they got *very* quiet.  I think
they are being partially funded/helped by organizations whose main goal is
to have cheap Linux workstations fit into an existing Solaris environment.  
Creating audit designed to fit into a Solaris environment rather than creating
it to be standalone is not my idea of what is best for Linux.

-l 

-- 
Linda A Walsh                    | Trust Technology, Core Linux, SGI
law@sgi.com                      | Voice: (650) 933-5338
-------------------------------------------------------------------------
Linux ACL Developers List ---  http://acl.bestbits.at/acl-devel/

To unsubscribe, send a message with `unsubscribe acl-devel'
in the message body to majordomo@bestbits.at.
-------------------------------------------------------------------------