Suppose a per-subject access control list is used. Deleting an object in such a system is inconvenient because all changes must be made to the control lists of all subjects who did have access to the object. Suggest an alternative, less costly means of handling deletion

What will be an ideal response?

There
are
many
different
approaches.
The
reason
these
updates
need
to
be
made
is
in
case
a
txt1.txt
is
deleted,
and
a
new
txt1.txt
is
created
in
its
place—the
new
txt1.txt
should
not
inherit
its
predecessor's
permissions.
A
way
to
circumvent
this
issue
is
to
take
the
following
steps:
1)
When
an
object
is
deleted,
instead
of
deleting
it
from
the
object
store,
append
to
it
a
signifier
to
indicate
that
it
has
been
deleted.
If
any
subject
attempts
to
access
a
deleted
object,
delete
the
access
control
entry.
2)
When
a
file
is
created,
check
to
see
if
it
has
a
predecessor
(a
deleted
file
with
the
same
name).
If
it
has
a
predecessor,
remove
all
of
those
predecessor's
permissions
(by
following
the
delete
procedure
explained
previously).
This
will
limit
the
instances
of
the
"expensive"
delete
procedure
by
only
using
it
in
order
to
prevent
accidental
inheritance
of
permissions
from
a
similarly
named
but
since
deleted
file.