On Tue Feb 21 14:23:13 2006, Timo Sirainen wrote:
On Tue, 2006-02-21 at 14:12 +0000, Dave Cridland wrote: > On Tue Feb 21 11:07:53 2006, Timo Sirainen wrote: > > > > Is SETACL id -<all rights> the same as DELETEACL id?> > > > > > > No. SETACL id -<all rights> means id is denied all rights in some > specific manner.Isn't that SETACL -id <all rights>?Minusing rights only removes the rights from the ACL, so I'd think once all of them are removed, the whole ACL could be deleted since there'snothing left.
Ah. Hmmm. Quite so. Options:1) It's equivalent then to SETACL id "", because it's removing any rights from the ACL entry for the id. Which might mean the same as "this identifier has no rights", or might mean "the rights of this identifier are not affected by this line", which is basically DELETEACL id, depending on whether "most specific" ACL entires are used, or "union" applies.
2) According to the first para of Section 3.1, it might mean the same as SETACL -id lrswipkxeta anyway, because the access control list as a whole is changed such that the identifier does not have the rights removed.
So, erm, I really don't know. :-)
Dave.
--
You see things; and you say "Why?"
But I dream things that never were; and I say "Why not?"
- George Bernard Shaw