On Wed, Jul 31, 2019 at 2:46 PM Grant Taylor via TUHS <tuhs@minnie.tuhs.org> wrote:
I thought that ACLs acted as additional gates / restriction points
beyond what standard Unix file system permissions allowed. 
It's really how strict you want to be in the definition of an ACL.   UNIX uses the same basic/simple model but traditional UNIX style ACLs of 3 options of 3 modes are implemented are just more coarsely defined than say VMS or later NT or SELinux, uses for their file systems.   It's arguable that the extra granularity of the others actually adds a great deal in actual day to day use cases.

At one time, I will admit that I had thought VMS style ACLs might be more helpful to UNIX and we added them to one of our file systems, but when I look back on 40 years of using anything beyond UNIX style ACLs its been pretty rare when I actually needed much more (i.e. theory vs. practice).

The problem is the programming interface tends to get more difficult when you add some of the extra features.   To me the brilliance to UNIX has always been getting down to a very simple interface that was "good enough" to get the job done and not so full of extra stuff that it gets in the way (which tends to be a complaint by way with Linux -- which does have a lot of new/rich features, but so full of some many different features theses days you have to wonder is/was it worth it).   

To me, it's arguable that ACL's beyond R/W/E and U/G/E is really needed in practice.