[Date Prev][Date Next]
Re: ACIs and OL 2.3
Quoting Piotr Wadas <firstname.lastname@example.org>:
>> I think this is the very important part here -- deprecated and discouraged.
>> I'd argue that long term, ACI support should be removed entirely (perhaps for
>> 2.5?). The entire concept of ACI's is broken.
> Is it really so bad? I mean, I actually don't now, you're probably
> right if you say so, anyway I'd really regret such feature to be
> discontinued. I was testing it very long ago, and, nevertheless its
> complexity and its experimental flavour, the concept itself
> was very exciting.
I've been using it successfully for years on my production machines.
Granted, it's a mess to work. But so is everything if you don't have
the right tools...
> I was hoping someday this will be implemented
> in tested/documented and stable version.
So did I.
> Imagine that someone could say, that "the entire priviledges and
> ownerships concept in Unix is broken", wouldn't that sound a little
> bit em. weird? :)
No, because 'everyone' have said it for years :)
That's why they invented ... whats-the-module that do ACL in filesystems...
Haven't compiled a kernel in quite a while, but there IS an option (and
have for quite a number of years) that gives MORE (MUCH more) control
to the administrator.
And in AFS (which I use extensivly), there's ACL's as well...
UNIX access control is _horribly_ broken. BUT, and I would like to plea
to the OL developers. Don't remove something like OpenLDAPaci without
having a replacement! Even though it might be bad, it's the only thing
usable (I'm not going with the ACL because _that_ I find broken! :).
Static access control!? You got to be kidding...
> what could do the work
> better than such (actually simple in its basics) concept ?
Basically anything for someone with a dynamic environment...
But let's not go there...