Hello Tetsuo Handa, I think it may be useful for CaitSith to have also more generalized actions, like readonly_access and writable_access. For example, if I want to make some subdirectory tree globally read-only (I think that could be very common wish) now I need to add many similar acl rules to deny all actions what can modify, add, rename, link, unlink, chmod, truncate, append, mk*, chown, and chgrp files in it. That is like 12 rules with the same path and rules, which is heavy duplication. It will be much easier to understand and write single rule which includes all these actions in good way. So, for example, I would write 1 acl writable_access path="/home/repo/\(\*\)/\*" 1 deny task.exe!="/usr/local/bin/repo-accessor" 1 allow Instead of 12 similar rules. Best regards,
TOMOYO
Fork