Re: Support for ACLs/non Unix style permissions in gnome-vfs

On Mon, 2002-08-12 at 22:04, Seth Nickell wrote:
> On Mon, 2002-08-12 at 08:11, Michael Meeks wrote:
> > Hi guys,
> > 
> > On Fri, 2002-08-09 at 18:16, snickell stanford edu wrote:
> > > > with recent exposure to file system ACLs (the betas of our next
> > > > release), I thought about what's barring nautilus to handle them as
> > > 
> > > Fantastic! This is on our "TODO" list, but we've all been lazy and
> > > slack, and done other things. We had a draft API for this some months
> > > back, I'll try to dig that up for you when I get home.
> > 
> > 	It'd be really great to try out the 'gep' process with this; it's the
> > sort of level of API addition that people would want to see discussed
> > etc.
> > 
> > 	See the 'gep' CVS module,
> I dunno Michael, it doesn't seem any more requiring of gep than any
> random API change. I thought gep was primarily intended for changes /
> features that required a lot of cross-module discussion or give and
> take? I hope we're not trying to put every API change through gep, I
> think that would slow things down more than it would really be helpful.

I agree. Nevertheless I think we should discuss the details, for
instance whether we should have one general one-size-fits-all API/object
type or something more modular with say different permissions object
classes, where there necessarily would have to be a bit more
intelligence in the program using them. I think a mixture of both could
be ideal because both have drawbacks:

- I think a fully general API / object class is infeasible because even
I know ACLs/permissions that go beyond what has been discussed in
"really rough draft ACL interface for GnomeVFS" last November. Think of
negative ACLs (forbidding certain access -- Windows NT has them, they
take precedence over positive or "allowing" ones), think of ACLs where
order does matter (first match instead of best match), we also didn't
talk about permission inheritance (again Windows NT and later).

- Totally different permission object classes would require too much
intelligence in the program using them.

My rough idea is different permission object classes (a class hierarchy)
with a sensible general API, some special API on one or more of the
classes and means for the program to query the classes' features or
something like that.

Oh and don't tie one ACL class too tight to a file system, e.g. ext2/3
is out there with and without support for ACLs, both ext3 with ACLS and
XFS support very similar ACLs and extended attributes (another FS
feature that could be supported).

What do you think? 

Nils Philippsen / Berliner Straße 39 / D-71229 Leonberg //
   nils wombat dialup fht-esslingen de / nils redhat de / nils lisas de
   PGP fingerprint:  C4A8 9474 5C4C ADE3 2B8F  656D 47D8 9B65 6951 3011
       Ever noticed that common sense isn't really all that common?

Attachment: signature.asc
Description: This is a digitally signed message part

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]