-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Les Mikesell schrieb: > Colin Walters wrote: >> >>>> <mw_triad@xxxxxxxxxxxxxxxxxxxxx> wrote: >>>>> If 'chmod g+w file;chgrp foo file' is too much work then there >>>>> should be >>>>> a command that can do both. >>>> Groups are broken. Use access control lists: "man setfacl" >>> ACLs inherit the brokenness of groups, e.g. it is not possible to >>> enforce that >>> everything within a certain directory is owned by everyone of a group, >> >> The point is with ACLs you don't need the files to have a specific >> ownership (user/group) as long as they have the right ACLs for access. >> A good way to do this is to avoid groups entirely and just add the >> users you want individually. > > This is unmanageable as the people in groups change. When you are > designing operating systems you should understand that underlying data > and work processes may need to survive and be usable for decades as the > hardware and people change. I don't think anyone working with fedora > gets that. > This is actually what students tell me as well. Using ACLs file permissions are quite hard to manage over time. ACLs tend to stay on fs entries when users get deleted. It is an extra burden on the admin to search and remove them. We should find a way to make it easier to maintain ACLs - especially in case users are removed from the system. I'm sure a clean up script could be devised for the case of user removal. This would ease the process. Or does such a script/program exist already? Cheers Lutz - -- Lutz Lange GLS Instructor Red Hat GmbH Hauptstätterstrasse 58 D-70178 Stuttgart - Germany Tel. +49 711 96 437 570 Mobile +49 172 75 285 17 Fax +49 711 96 437 111 Email: llange@xxxxxxxxxx ____________________________________________________________________ Reg. Adresse: Red Hat GmbH, Otto-Hahn-Strasse 20, 85609 Dornach bei Muenchen Handelsregister: Amtsgericht Muenchen HRB 153243 Geschaeftsfuehrer: Brendan Lane, Charlie Peters, Michael Cunningham, Werner Knoblich -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD4DBQFI+vms15TuH1mPaRURAn7zAKCBwHqPprQOGJWc2xJRJhrIqMqLuwCWMylQ 19l0a/9fYRp8bFBpobbR+A== =F5JM -----END PGP SIGNATURE----- -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
