private group administration

Les Mikesell lesmikesell at gmail.com
Sat Oct 18 16:55:07 UTC 2008


Colin Walters wrote:
>
>>> <mw_triad at users.sourceforge.net> wrote:
>>>> If 'chmod g+w file;chgrp foo file' is too much work then there should be
>>>> a command that can do both.
>>> Groups are broken.  Use access control lists: "man setfacl"
>> ACLs inherit the brokenness of groups, e.g. it is not possible to enforce that
>> everything within a certain directory is owned by everyone of a group,
> 
> The point is with ACLs you don't need the files to have a specific
> ownership (user/group) as long as they have the right ACLs for access.
>  A good way to do this is to avoid groups entirely and just add the
> users you want individually.

This is unmanageable as the people in groups change.  When you are 
designing operating systems you should understand that underlying data 
and work processes may need to survive and be usable for decades as the 
hardware and people change. I don't think anyone working with fedora 
gets that.

-- 
   Les Mikesell
    lesmikesell at gmail.com




More information about the fedora-devel-list mailing list