Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755774AbcCOHME (ORCPT ); Tue, 15 Mar 2016 03:12:04 -0400 Received: from [198.137.202.9] ([198.137.202.9]:49766 "EHLO bombadil.infradead.org" rhost-flags-FAIL-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1755058AbcCOHLx (ORCPT ); Tue, 15 Mar 2016 03:11:53 -0400 Date: Tue, 15 Mar 2016 00:11:03 -0700 From: Christoph Hellwig To: Andreas Gruenbacher Cc: Christoph Hellwig , Alexander Viro , "J. Bruce Fields" , Linux NFS Mailing List , "Theodore Ts'o" , linux-cifs@vger.kernel.org, Linux API , Trond Myklebust , LKML , XFS Developers , Andreas Dilger , linux-fsdevel , Jeff Layton , linux-ext4 , Anna Schumaker Subject: Re: [PATCH v18 00/22] Richacls (Core and Ext4) Message-ID: <20160315071103.GC19747@infradead.org> References: <1456733847-17982-1-git-send-email-agruenba@redhat.com> <20160311140134.GA14808@infradead.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1027 Lines: 21 On Fri, Mar 11, 2016 at 05:11:51PM +0100, Andreas Gruenbacher wrote: > > while breaking a lot of assumptions, > > The model is designed specifically to be compliant with the POSIX > permission model. What assumptions are you talking about? People have long learned that we only have 'alloc' permissions. Any model that mixes allow and deny ACE is a mistake. > > especially by adding allow and deny ACE at the same time. > > I remember from past discussions that a permission model like the > POSIX ACL model that doesn't have DENY ACEs would be more to your > liking. This argument is dead from the start though: NFSv4 ACLs > without DENY ACEs cannot represent basic file permissions like 0604 > where the owning group has fewer permissions than others, for example > (see the richaclex(7) man page). We would end up with a permission > model that isn't even compatible with the traditional POSIX file > permission model, one which nobody else implements or cares about. So let's stick to the model that we already have.