On Feb 13, 2009, at 1:21 AM, Da Rock wrote:
On Thu, 2009-02-12 at 21:52 -0800, Chuck Swiger wrote:
On Feb 12, 2009, at 8:52 PM, Da Rock wrote:
With reasonable organization, and appropriate use of sudo or setgid
binaries for things like people who use SVN or CVS, there generally
isn't reason or need for a user to be in so many groups. For the
exceptional cases, switching to using a full ACL system rather than
the traditional Unix permission model is probably going to be a
better
solution.
Interesting. What would you suggest for full ACL?
Well, it depends on what you're doing in terms of user requirements
and systems (ie, are the FreeBSD boxes fileservers, clients, or
both?), but the stuff which comes with FreeBSD is documented in
acl(3), getfacl, setfacl, etc. Other choices might involve something
like the Andrew File System / Transarc DFS stuff, or Windows Active
Directory and Samba/CIFS on the FreeBSD boxes....
Regards,
So you're talking in terms of the FS only? I thought you said the
kernel
wasn't capable? I'll have to look into this a more thoroughly, I'm
intrigued to say the least. Not to say I'll ever probably use it,
but it
does present a limitation.
I only ran up against the problem because I added this user to a
bunch of other user's groups, so that she could edit those user's
files. Easily refactored into something more sensible.
-- John
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
