From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS22989 209.51.188.0/24 X-Spam-Status: No, score=-3.9 required=3.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS, SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dcvr.yhbt.net (Postfix) with ESMTPS id 3A0F31F47C for ; Fri, 13 Jan 2023 10:03:30 +0000 (UTC) Authentication-Results: dcvr.yhbt.net; dkim=pass (1024-bit key; unprotected) header.d=renesas.com header.i=@renesas.com header.a=rsa-sha256 header.s=selector1 header.b=E5A9VMoQ; dkim-atps=neutral Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pGGuC-000376-Cb; Fri, 13 Jan 2023 05:03:24 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pGGu4-00035B-2d for bug-gnulib@gnu.org; Fri, 13 Jan 2023 05:03:16 -0500 Received: from mail-os0jpn01on2090.outbound.protection.outlook.com ([40.107.113.90] helo=JPN01-OS0-obe.outbound.protection.outlook.com) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pGGu1-0002Ja-Gy for bug-gnulib@gnu.org; Fri, 13 Jan 2023 05:03:15 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JUorRPwWodPfX6rKjTgUtmHi1r+PAfkUkUKoaoYhrk5nRf3MlAGNITWwfGag9UohcUSLut7f329ucrEMMfSpheNeXe3nnTc/txuA/6rh5QsdCJxdvdyja7Kw2j/BT0FozLWAMlwVQv5A1E/C7iOntxOaWiNt8nONeGCl8ZrA/kAqJPWPT/ZDgOejIZcQhF+PVH5yyZ6+CEYxhRpoKbC8eMEQtA8ChLW18bonpsy3JBIZFGTFxTxrweHTW3B/7OK8sNh+JhuWfM/ZOh0cRCufS91KJrIL8g/FHuwLAbFzCssrd5UXNNzuXbfMM9k68ivAucMp4jaIj72zi/EPbpCGNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=umc+pbt5Y2f//VS/5AlXAyCpiIFJvWZQ9WPNdfmGV3g=; b=EBSs43MkNSxTUv+ilYrKzAFbYvBLA+4xC+5KrXv7xjtO4J3vbWqDuc7E/YO0gvn0R5ybhau+w3OeqxzXzBK66R6bHpzPfntCLwgp6Aq7jVQ2jF2TdmBaoTkNQtN8jf9NoLaklCyueZiVfbKxN4tTLnRDbapyGhQN55WYjzjLN4tOkmA2Ctx7dTd1KPvCcGiRTrK9eqfGU38eJ1PBQ3wJexWaBaPk15hOMZ1K822WKAK+R8czAh5iXZNwbjTrGdTvue9+ssC41RJUqvxEMGP/ClrS+04glH0Ts/b5fdGMToU7iJCo6F0WmU4g6+/+PCkf+pOnmHic6HlIOTAgKFuTmw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=renesas.com; dmarc=pass action=none header.from=renesas.com; dkim=pass header.d=renesas.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=renesas.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=umc+pbt5Y2f//VS/5AlXAyCpiIFJvWZQ9WPNdfmGV3g=; b=E5A9VMoQo/I7lmRw3sz8Ch4GMInThWXhDsQ7jymAz0cHOJRTe3BGWOhrOyDbj+SRLMjUmsM9Ti2DxE/I1RPyom3cFSzvrB9Tx3U0vkoISVfInC2O9hPt5IIxMKxGys5+Zo69CmNht5JXEgF8EvCHDGabIiA2QhhYOr2AGd/xJIk= Received: from TYXPR01MB1854.jpnprd01.prod.outlook.com (2603:1096:403:d::19) by TYAPR01MB5451.jpnprd01.prod.outlook.com (2603:1096:404:8039::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.12; Fri, 13 Jan 2023 10:03:07 +0000 Received: from TYXPR01MB1854.jpnprd01.prod.outlook.com ([fe80::588e:988e:be0a:2538]) by TYXPR01MB1854.jpnprd01.prod.outlook.com ([fe80::588e:988e:be0a:2538%6]) with mapi id 15.20.6002.012; Fri, 13 Jan 2023 10:03:07 +0000 From: Ondrej Valousek To: Bruno Haible , "bug-gnulib@gnu.org" , Paul Eggert Subject: RE: ACL complexity Thread-Topic: ACL complexity Thread-Index: AQHZJy+WDOoskm/2vUKOPlpXhygXza6cGB4Q Date: Fri, 13 Jan 2023 10:03:07 +0000 Message-ID: References: <20230104143425.1235741-1-ondrej.valousek.xm@renesas.com> <3915504.t68216eyJU@nimes> In-Reply-To: <3915504.t68216eyJU@nimes> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=renesas.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: TYXPR01MB1854:EE_|TYAPR01MB5451:EE_ x-ms-office365-filtering-correlation-id: 7a8b6395-2dd6-4e7f-38f2-08daf54d5eb9 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: +ugwhYFl2E2iHlS3QW2NHU9O61N+PvtEmxT0ua0GHu/5zCuFII/HxQOhqsO8hC6Egk5hjGBBYHHVrUPRnlpPnrwbgXuR+c8i9Xu2tbCu53hDw6goITRDXEFJs+M6Vs584nEqAlFWE62vxhEwxbr0bKOeJdS23DHQCUgZ4n/KkUYNiYT4v2HJ0a4D71Co2wy8wxAuXRFLq/b9+5NaAWtl6BxWIEFJaOu53VHivT+BNQyh2ifAMn6fol/5A2nTpJQAKW6vF+gmh5rW7MRbuA0RiXZ1nW/mkwO44ldQL/gDIaAsBwT13SL08mdo9w7dps3jtU9DmEsOH9cFh8m+m0oAYVG7cCRMwtvYOWt/BHmGJYukWGVekmYrv6A3QlJkNDjrQ0xOTIGXA/sf1ASsu8Uo4b21WOrZGeMTMz4Yy7GJwqw9FVwhMIi1IhJfM4WYn3DeeXhb+RUrs/Z7SDRhG1qx8vqoM+KsPgp9UfPqjjFvpQZ6w/RtidLo2YZlWXVrut24mgiJaavKQqk8kjcq14T2ovrdH1+CFyPf3034pax+e6Z79CDpP/qbFEm4lusndycQReVSNxFuFO+gb0mIidr61uC3aDbU2D+bYiNxzWBLpM0FAkbNm0/VGudnB+ybS+MAGNs9U3bG7TZVRLdYOvA5AYPNX62tcCXQMFeyJI6/C0C9UXWm61YKSf6RxUL0y8uEozOcKK2TqsMUc4gnBJ0wCg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:TYXPR01MB1854.jpnprd01.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(4636009)(376002)(396003)(346002)(366004)(39860400002)(136003)(451199015)(478600001)(71200400001)(7696005)(2906002)(38100700002)(86362001)(33656002)(83380400001)(9686003)(6506007)(55016003)(26005)(3480700007)(186003)(122000001)(8676002)(66476007)(52536014)(5660300002)(66446008)(64756008)(66946007)(76116006)(7116003)(66556008)(41300700001)(316002)(110136005)(8936002)(38070700005); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?F3Xk3XJR34Ga2eHxqVer61SHKrIzjgkL06Q4ISaLBFk521qoApP8hmrH4N0/?= =?us-ascii?Q?v5GgWPNmmFknjSpryI48dlCA0/rWq2LEC5SH4vnP2f0zVF8U8xkPe6PSPZGN?= =?us-ascii?Q?2FfkgaDUdurL2T+vZkvj45ZSSaG2vAps6FV3OmY4PY2r7YI/AtVzXK8LmN7q?= =?us-ascii?Q?7c4eLir67QeaY88XDsY1M6vr1FwO5Fa+OpN55abYWce9eTjr5iH2lzekiOgZ?= =?us-ascii?Q?PWtO3RjSOCO1J6PJEjpRikwl6qymncXE/Yucb7oOMMyUKNysIvJDDzZlHvGt?= =?us-ascii?Q?PL4sRXJzw1e4OkzSSYF/sgZfMLaEk2Rfytle0+KqaswmNC8cXanyjROT8KUv?= =?us-ascii?Q?5WsDalG/nEQVip6XDvTCwOo7yJnMs5XQptmWs5oE/oZONtbk537G87SWvf2z?= =?us-ascii?Q?rtlQswpCa3mgGX41KaAbnepkypNT9k17l13Y7ZAcqowXG1oC7X4kR9CRGhOo?= =?us-ascii?Q?AF9K92rWCq3IU1E6z5R1kRJ+RaLHBkoUGMBvGxH1bFzfMOmcpPPlgc9dj4W/?= =?us-ascii?Q?B9tUx8WInMQJu/RCb/MqUlKPV5cAXzJzPNnWnKgtfuFVi8px78fYq5U8IYGd?= =?us-ascii?Q?vLJkV4kdATQbKwprRM7eJOUc9K8WCUKE1xf39cPhk9p3f5GY2l6szqO+m7WO?= =?us-ascii?Q?P33OX00sOQHwpOFCls6tMdjp6DzV08+Ff/wGpEm4MhHcsFbP+xwPFVAlCkJ7?= =?us-ascii?Q?WXo/JzCH7lVw9wil7wI9EcBp4wVMRkJ3R6S13npBt1/gad3lDawHmQ+0y928?= =?us-ascii?Q?sxvC9Ush15wjbWzUycShB3PQ7vtLHMg20JIGgSDrflFVtmmliaA0heZNqn8V?= =?us-ascii?Q?EOPmoJ8u7jcT9CHkg5z4kdaSsh7cRe5UFpXWcYTyv6+wP8fVsCuLdCYlpUR0?= =?us-ascii?Q?iZIDLST4UrXSxLpoTx6FNcZPirRw4qg/RRytU3dE5FsPhC+QEu3yT0MHujR4?= =?us-ascii?Q?yF1QKinH/hmU7Zz6/HlCbqXmPa6D0GD0tR6VgUeXPlcJ3KZ/6GxpxKVzo/ub?= =?us-ascii?Q?f6SB0YoonWZCQRspKXH8TW6vIJwImGWKHKBy73RqjTtNM3YHje5ggws5tebN?= =?us-ascii?Q?DC/T0Wz3Wj+oFZB2OIxNG8eZCsgcbhPWI49mlrfjOvFf3tmTguFjfFefLaxv?= =?us-ascii?Q?VFRExAoKFVbwiARsgbChG284tLCrNNY/yvD2qhtMPaDfmQ8D++jZdhKV7FNi?= =?us-ascii?Q?iu0aW0NqfKYaC/SnDlxsRog+1B480Xfj+OOWXtcvHaUCszq2gqUt3eAqTZAM?= =?us-ascii?Q?BIeE6PlpQVkyfuGkoxDN7/AzavD5TsKEnjBSXdDsP5CcGug9BNSNdOqtmQOl?= =?us-ascii?Q?1j4dEmre3ZjEyDwMB6LchHDZ/VYUkTVE1IDd+maXLOjS++h+tiX4MpJOQZV1?= =?us-ascii?Q?3eYp+sN2P0dklLLfjixb6L1w0F3dZfVOuvh15MONZA3hE4BLGlcohEf6UaBg?= =?us-ascii?Q?ncTxOECrmevj7t9wyx5B3dsAUNHmQ/V+13oVCa/sDh04CyXD8VfKN2fY5906?= =?us-ascii?Q?pn9kAElF3TB0Y3asNgsYIsIWthdU65BYo3gtZFMnHn/IEKDqz3CD+JxhS0bm?= =?us-ascii?Q?Py6IRCZxdWhbeHJaYDuyzuPPIGYqlgFn8XBcigmB4V/SzE0xBcV5pgjZNkzF?= =?us-ascii?Q?uQ=3D=3D?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: renesas.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: TYXPR01MB1854.jpnprd01.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 7a8b6395-2dd6-4e7f-38f2-08daf54d5eb9 X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jan 2023 10:03:07.6517 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 53d82571-da19-47e4-9cb4-625a166a4a2a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: vGNsUJsotdqZPdzTXk+VVCbjixkP9AUoz8q73vYKR4JfkmmQ235I547CivjjDM9/QcUvU9ZFRml+HAuTR+Y9HHjeRee39+FD6EnOOqM2UsY= X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYAPR01MB5451 Received-SPF: pass client-ip=40.107.113.90; envelope-from=ondrej.valousek.xm@renesas.com; helo=JPN01-OS0-obe.outbound.protection.outlook.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: bug-gnulib@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gnulib discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org Sender: bug-gnulib-bounces+normalperson=yhbt.net@gnu.org > More generally, I find the semantics and the syntax of ACLs on most syste= ms to be more demanding than what the average command-line user can grok.=20 Completely agree here, especially true for so-called posix draft ACLs. > While for random features of the OS this would just be a nuisance that ca= n be ignored, for a feature with impact on security this is a major problem= . Yes > Suggestion: Add a mode to 'ls' (not to getfacl, because average users kno= w about 'ls' only) that displays the same info with explanations. It doesn't matter if the output is 25 lines instead of 8 lines, in this mod= e. Well, I was thinking about it as well, see how nicely the OpenSolaris/OmniO= S does it using it's -V option: root@omnios:/mnt# ls -lV acl -rw-r--r--+ 1 root root 5 Jan 4 09:11 acl user:ondrej:rwx-----------:-------:allow owner@:rw-p--aARWcCos:-------:allow group@:r-----a-R-c--s:-------:allow everyone@:r-----a-R-c--s:-------:allow maybe we could reuse some of the code from there (not sure about the legal = stuff). The problem is also that I'd like to include support for NFS4 acls,= and since Linux libacl does not have it, we'd have to stick in Gnulib prob= ably.