Ghosts of Unix past, part 3: Unfixable designs
Ghosts of Unix past, part 3: Unfixable designs
Posted Nov 17, 2010 9:53 UTC (Wed) by iq-0 (subscriber, #36655)In reply to: Ghosts of Unix past, part 3: Unfixable designs by dlang
Parent article: Ghosts of Unix past, part 3: Unfixable designs
Apache doesn't do this for it is hard to get a good cross-platform file-change notification (which doesn't have possible side-effects).
It even has a good chance to be cheaper than the current unix model, since in a practical setup there would only be a few (compiled) rulesets in effect (still hundreds, but a lot less than actual dentries). One could possibly cache a pointer to the list of effective rules to a dentry/inode (depending on how the rules are to be applied, this is semantics, but I suspect you'd want them on the inode level).
But the decoupling of the details from every single inode can probably be done without any real performance impact (and possibly even performance gains). Whether you use hierarchical ACLs or matching rules shouldn't really make a difference and constant tree traversals shouldn't be necessary when done at the VFS level.