l4-hurd

Does supporting POSIX applications require ACLs?


From: Neal H. Walfield
Subject: Does supporting POSIX applications require ACLs?
Date: Tue, 25 Oct 2005 11:50:02 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.6 (Marutamachi) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

At Tue, 25 Oct 2005 09:14:53 +0200,
ness wrote:
> 
> Jonathan S. Shapiro wrote:
> > On Mon, 2005-10-24 at 21:09 +0200, Alfred M. Szmidt wrote:
> > 
> >>     1. Why do we need *another* POSIX OS? What real value can it
> >>        provide?
> >>
> >>Because rewriting the 300 something GNU projects is not realistic.
> > 
> > 
> > This is an argument for a compatibility layer. Perhaps for more than
> > one. It is not an argument for recreating POSIX as a core system.
> > 
> When I said
> > Yes. One of our aims is to build a unix replacing OS. 
> I tried to point to this compatibility layer. Of course we use 
> capabilities in the core, but the POSIX layer has to support acl based 
> access control.

I'm not convinced that we have to support ACLs.  I think the question
needs to be asked: how many applications rely on ACLs?  Many
applications just open files and read and write some bytes.  For these
applications, the fact that access is granted based on an ACL, a
capability or something else is immaterial: if open succeeds and
returns a file descriptor to the named file then all is well.

I think that the first question we should ask is: what applications do
we *want* that require ACLs?  Having identified these, the next
question should be: is their dependency on ACLs an implementation
issue or a functionality issue?  That is, can the implementation be
changed to avoid using ACLs without the loss of important
functionality?  If the answer is no, then the next question to ask is
what functionality does it require and how can we build this on
top of capabilities in a confined way?

Thanks,
Neal




