Date: Wed, 14 Aug 2002 19:21:09 -0400 (EDT)
From: Alexander Viro
To: Brian Pawlowski
cc: Trond Myklebust, dax@gurulabs.com, torvalds@transmeta.com, kmsmith@umich.edu, linux-kernel@vger.kernel.org, nfs@lists.sourceforge.net
Subject: Re: [NFS] Re: Will NFSv4 be accepted?
In-Reply-To: <200208142234.g7EMYvQ21700@tooting-fe.eng>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 14 Aug 2002, Brian Pawlowski wrote:

> > RPCSEC_GSS is not an argument for NFSv4...
>
> yes.
>
> But ACL support over the wire is an argument for V4 - and fine grained
> authorization coupled to strong authentication makes for a flexible
> security package.

Not really. With the quality of existing userland (Linux, Solaris, *BSD, NT, etc.) _anything_ more complex than "I'm the only one who can create or remove objects here" is a big, gaping hole. Which makes any theoretical benefits (if any) of ACL-based schemes moot.

Same (to slightly less extent) applies to regular files. In other words, if you need something more complex than usual - you are screwed on the userland side, regardless of the kernel behaviour.