Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!seismo!gatech!bloom-beacon!think!ames!ptsfa!ihnp4!alberta!calgary!thompson From: thompson@calgary.UUCP (Bruce Thompson) Newsgroups: comp.misc Subject: Re: access-lists vs. unix permissions Message-ID: <1031@vaxb.calgary.UUCP> Date: Mon, 20-Jul-87 14:34:41 EDT Article-I.D.: vaxb.1031 Posted: Mon Jul 20 14:34:41 1987 Date-Received: Wed, 22-Jul-87 01:07:18 EDT References: <1334@ssc-vax.UUCP> <860@ssc-bee.ssc-vax.UUCP> <1151@bloom-beacon.MIT.EDU> Organization: U. of Calgary, Calgary, Ab. Lines: 26 Summary: Access-lists are not neccessarily one per file In article <1151@bloom-beacon.MIT.EDU>, langz@athena.mit.edu (Lang Zerner) writes: > ...> protection. You would need exactly one group for each file which had access > list protection, just as you'd need exactly one access list per file in an > access list-based system. The need for one access-control-list per file is perhaps a misleading statement. It is true, that each file needs an ACL associated with it, but if two files have identical ACLs, then they could share a reference to the same ACL object. This is the way that ACLs are implemented on Apollo machines. We are working on DN3000s. Though I am not speaking from first-hand knowledge, a number of inferences about the way in which the ACLs are implemented may be gleaned from the utilities that are provided. In particular, a utility called SALACL is provided to salvage identical ACL object from the ACL pool. Typically, on our systems, each ACL is referenced by somewhere around 40 different files, providing some potentially significant savings in disk space for the ACL pool. Whenever an ACL is changed, then a new ACL object is created for the file who's ACL was edited. I would have to wonder whether or not the groups idea mentioned previously would be able to provide this kind of 'cacheing' reasonably. ------------------------------------------------------------------------------ Bruce Thompson | Disclaimer? But...but... I didn't University of Calgary, | say anything....really! Well, Computer Science Department | nothing of any interest anyways. (403)220-3538 or (403)220-5109 (office) |