Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!gatech!bloom-beacon!think!ames!ptsfa!ihnp4!alberta!calgary!thompson
From: thompson@calgary.UUCP (Bruce Thompson)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <1031@vaxb.calgary.UUCP>
Date: Mon, 20-Jul-87 14:34:41 EDT
Article-I.D.: vaxb.1031
Posted: Mon Jul 20 14:34:41 1987
Date-Received: Wed, 22-Jul-87 01:07:18 EDT
References: <1334@ssc-vax.UUCP> <860@ssc-bee.ssc-vax.UUCP> <1151@bloom-beacon.MIT.EDU>
Organization: U. of Calgary, Calgary, Ab.
Lines: 26
Summary: Access-lists are not neccessarily one per file

In article <1151@bloom-beacon.MIT.EDU>, langz@athena.mit.edu (Lang Zerner) writes:
> ... 
> protection.  You would need exactly one group for each file which had access
> list protection, just as you'd need exactly one access list per file in an
> access list-based system.

The need for one access-control-list per file is perhaps a misleading
statement. It is true, that each file needs an ACL associated with it, but if
two files have identical ACLs, then they could share a reference to the same
ACL object. This is the way that ACLs are implemented on Apollo machines. We
are working on DN3000s. Though I am not speaking from first-hand knowledge, a
number of inferences about the way in which the ACLs are implemented may be
gleaned from the utilities that are provided. In particular, a utility called
SALACL is provided to salvage identical ACL object from the ACL pool.
Typically, on our systems, each ACL is referenced by somewhere around 40
different files, providing some potentially significant savings in disk space
for the ACL pool. Whenever an ACL is changed, then a new ACL object is created
for the file who's ACL was edited. I would have to wonder whether or not the
groups idea mentioned previously would be able to provide this kind of
'cacheing' reasonably.

------------------------------------------------------------------------------
Bruce Thompson				| Disclaimer? But...but... I didn't
University of Calgary,			| say anything....really! Well,
Computer Science Department		| nothing of any interest anyways.
(403)220-3538 or (403)220-5109 (office)	|