On Sat, Feb 12, 2011 at 3:38 AM, Drew <drew.kay@xxxxxxxxx> wrote:
>> RHEL and CentOS have much, much tighter basic privilege handling. The
>> complexity of the NTFS ACL structure, for example, is so frequently
>> mishandled that it's often ignored and simply dealt with as
>> "Administrator". The result is privilege escalation chaos.
>
> And how is the user-group-world permissions system any better?
>
> I work daily with both *nix & NTFS ACL's and given the choice I prefer
> NTFS' for the finer grained control.
>
> You want to create a folder in which user A & B have access to but
> nobody else? In *nix you create a group that both those users belong
> to and set the folder to use that group's permissions. In NTFS you set
> the ACL's so those two users have (almost) full access to the folder.
> Simple enough.
in unix you can use acls as well. See getacl/setacl. No sweat.
Anyway, neither in windows nor in unix/linux you want to specify
permissions on a per user level. Always groups. If the user leaves the
company and the permissions are on a per user level you need to start
all over again. If on a per group level, just disable/remove the user
from the group and it keeps working for the rest of members.
Bonus points if you enable your helpdesk group to administer the groups
and the children folders so you no longer have to waste any time with
this boring stuff.
--
natxo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
