> There might be a misconception, I surely was not clear enough. Imagine
> a filesystem where every filesystem object (file, directory) has it's
> fully resolved ACL stored in (a) it's directory entry or (b) it's stat
> data. (This also needs to be discussed.) This way, you can quickly
> know wether to allow or deny an access, you do not need to check ACLs
> of all parents. I think this is the way you (Ted) imagine ACLs.
>
> The only real drawback of this implementation would be that ACL
> setting is slow. (But checking is (much) more important than setting.)
> But there might be an easy way to overcome the problem: when you run
putting the ACL in the directory entry is an administrative nightmare; you
have >1 ACL for files with >1 i_nlink
-- Peter"If the facts don't fit the theory, change the facts." -- Einstein
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/