private group administration

Chuck Anderson cra at WPI.EDU
Sat Oct 18 16:25:35 UTC 2008


On Sat, Oct 18, 2008 at 10:53:05AM -0400, seth vidal wrote:
> On Sat, 2008-10-18 at 10:40 -0400, Colin Walters wrote:
> > 2008/10/18 Till Maas <opensource at till.name>:
> > > On Sat October 18 2008, Colin Walters wrote:
> > >> On Fri, Oct 17, 2008 at 8:12 PM, Matthew Woehlke
> > >>
> > >> <mw_triad at users.sourceforge.net> wrote:
> > >> > If 'chmod g+w file;chgrp foo file' is too much work then there should be
> > >> > a command that can do both.
> > >>
> > >> Groups are broken.  Use access control lists: "man setfacl"
> > >
> > > ACLs inherit the brokenness of groups, e.g. it is not possible to enforce that
> > > everything within a certain directory is owned by everyone of a group,
> > 
> > The point is with ACLs you don't need the files to have a specific
> > ownership (user/group) as long as they have the right ACLs for access.
> >  A good way to do this is to avoid groups entirely and just add the
> > users you want individually.
> 
> If there are enough people working on a project this does not scale.

Right, with groups you can have files inherit the group from the 
directory they are in.  Is there any inheritance with ACLs?




More information about the devel mailing list