From: Bruno Haible
To: Ondrej Valousek, bug-gnulib@gnu.org, Paul Eggert
Subject: Re: ACL complexity
Date: Fri, 13 Jan 2023 10:15:11 +0100
Message-ID: <3915504.t68216eyJU@nimes>
References: <20230104143425.1235741-1-ondrej.valousek.xm@renesas.com>

Paul Eggert wrote (when talking about libxattr and such):
> No kidding. This stuff is waaaayy too complicated.

More generally, I find the semantics and the syntax of ACLs on most systems
to be more demanding than what the average command-line user can grok.
While for random features of the OS this would just be a nuisance that can
be ignored, for a feature with impact on security this is a major problem.

What I mean is:

1) The syntax.

   # getfacl /tmp/file
   getfacl: Removing leading '/' from absolute path names     (<< what is this about?)
   # file: tmp/file
   # owner: test1
   # group: test
   user::rw-
   user:test3:rw-
   group::rw-
   mask::rw-
   other::---

   A sysadmin may understand this, but an average command-line user won't.

   Suggestion: Add a mode to 'ls' (not to getfacl, because average users
   know about 'ls' only) that displays the same info with explanations.
   It doesn't matter if the output is 25 lines instead of 8 lines, in this
   mode.

2) The semantics.

   What are "effective" permissions
   https://tylersguides.com/guides/linux-acl-permissions-tutorial/ ?

   Suggestion: Provide a kind of "testing toolbox" to the users, which they
   can use to simulate what happens when someone tries to access an existing
   or new file, after they have set specific permissions and ACLs.

Bruno
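Added example (not part of the message above, and not gnulib or acl code): the getfacl listing from 1) parsed and run through the POSIX.1e draft access check that acl(5) documents, which shows what "effective" permissions in 2) means, namely that named users, the owning group and named groups are capped by the mask entry. The function names are hypothetical, the sample is constructed from the quoted listing, and privileged users (root, CAP_DAC_OVERRIDE) are not modelled.

```python
import re

# Constructed sample: the ACL listing quoted in the message above.
SAMPLE = """\
# file: tmp/file
# owner: test1
# group: test
user::rw-
user:test3:rw-
group::rw-
mask::rw-
other::---
"""

def parse_getfacl(text):
    """Return (owner, group, entries); entries maps (tag, qualifier) -> set of 'r','w','x'."""
    meta, entries = {}, {}
    for line in text.splitlines():
        m = re.match(r"#\s*(owner|group):\s*(\S+)", line)
        if m:
            meta[m.group(1)] = m.group(2)
        m = re.match(r"(user|group|mask|other):([^:]*):([r-][w-][x-])", line)
        if m:
            entries[(m.group(1), m.group(2))] = set(m.group(3)) - {"-"}
    return meta["owner"], meta["group"], entries

def effective(entries):
    """Named users, the owning group and named groups are capped by the mask entry."""
    mask = entries.get(("mask", ""), {"r", "w", "x"})
    out = {}
    for (tag, who), perms in entries.items():
        capped = tag == "group" or (tag == "user" and who)
        if tag != "mask":
            out[(tag, who)] = perms & mask if capped else perms
    return out

def may_access(text, user, groups, want):
    """Simulate the POSIX.1e draft access check for `user` (member of `groups`)."""
    owner, group, entries = parse_getfacl(text)
    eff, want = effective(entries), set(want)
    if user == owner:                      # owner entry is never masked
        return want <= eff[("user", "")]
    if ("user", user) in eff:              # named user: first match decides
        return want <= eff[("user", user)]
    matching = [p for (tag, who), p in eff.items()
                if tag == "group" and (who in groups or (who == "" and group in groups))]
    if matching:                           # any matching group entry may grant
        return any(want <= p for p in matching)
    return want <= eff[("other", "")]
```

Narrowing the mask, for example `SAMPLE.replace("mask::rw-", "mask::r--")`, removes write access for test3 and for members of group test while the owner test1 keeps it.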