Re: ACL Inheritance?
Re: ACL Inheritance?
- Subject: Re: ACL Inheritance?
- From: James Peach <email@hidden>
- Date: Mon, 23 Feb 2009 21:33:02 -0800
2009/2/23 Jeremy S. Albrecht <email@hidden>:
> Ben,
>
> Check out a program called Sandbox ( http://www.mikey-san.net/sandbox/ ) for
> easy ACL work. When I have an issue similar to yours I basically set the
> ACL as desired on the parent directory, tell it that it's inherited from
> it's parent, and then propagate it to all subfolders, *then* take away the
> "inherited" flag from the parent folder. A bit of a round-about way to do
> it, but it works.
If I understand what you are doing, I don't think it is the correct approach.
The ACL at the root of an inheritance tree should have at least one
ACE that is marked file_inherit or directory_inherit. When these ACEs
are copied to child objects, they should be marked with the inherit
bit. This is so that everyone else knows how the ACL inheritance tree
is constructed and can reflow it.
If you don't correctly maintain the inheritance bits, then it all just
looks like a collection of direct ACEs to the system. The problem with
this is that if someone comes along an adds just one direct ACE to
something in the inheritance tree, then you can't reflow any more
because you lost the information about which ACEs where inherited and
which were not.
--
James Peach | email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Darwin-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden