RE: ACL complexity

[Ondrej Valousek]

> More generally, I find the semantics and the syntax of ACLs on most systems 
> to be more demanding than what the average command-line user can grok. 
Completely agree here, especially true for so-called posix draft ACLs.
> While for random features of the OS this would just be a nuisance that can be 
> ignored, for a feature with impact on security this is a major problem.
Yes

> Suggestion: Add a mode to 'ls' (not to getfacl, because average users know 
> about 'ls' only) that displays the same info with explanations.
It doesn't matter if the output is 25 lines instead of 8 lines, in this mode.

Well, I was thinking about it as well, see how nicely the OpenSolaris/OmniOS 
does it using it's -V option:
root@omnios:/mnt# ls -lV acl
-rw-r--r--+  1 root     root           5 Jan  4 09:11 acl
            user:ondrej:rwx-----------:-------:allow
                 owner@:rw-p--aARWcCos:-------:allow
                 group@:r-----a-R-c--s:-------:allow
              everyone@:r-----a-R-c--s:-------:allow

maybe we could reuse some of the code from there (not sure about the legal 
stuff). The problem is also that I'd like to include support for NFS4 acls, and 
since Linux libacl does not have it, we'd have to stick in Gnulib probably.