On VMS ACL's could be assigned using [group,user] or "Rights". If rights were used
then user accounts could be granted rights and gain access to the files via that path.

This was very useful on multiuser systems that had say 3 apps installed on them: payroll,
shipping and production. The applications were installed as their own groups under which
general user accounts had no access to. After the application installation rights could be
granted to files/directories under that applications directory structure.

Then user accounts could be granted rights such as: PAYROLL_FULL, PAYROLL_READ,
PAYROLL_WRITE etc. depending on their need to access that system. If the user had
no rights then the natural system security system of the VMS filesystem would keep
those users out of the application directorys. It really made system management much
easier as previous to VMS V5 or V4 there was just the standard [Group,User] concept.

They also worked on devices such as terminals, print queues (I think) etc. I have access
to a VMS system if details are required. I has been a few years since I looked at it.

Scott...


-----Original Message-----
From:	Ignatios Souvatzis [SMTP:is@netbsd.org]
Sent:	Thursday, March 08, 2001 3:47 PM
To:	Wolfgang Rupprecht
Cc:	tech-kern@netbsd.org
Subject:	Re: Support for ACLs

On Thu, Mar 08, 2001 at 11:03:23AM -0800, Wolfgang Rupprecht wrote:
> some extra goop on the side.  Just like most program that use ttys
> ending up having to know about the invisible tty baggage, most
> programs that creates files end up having to know about ACLs.  Thats a
> lot of code.  It will be an uphill battle to get third-party
> developers to add the ACL support.

Dunno.

On VMS; I ignored them most of the time, and programs didn't know about them.

I did set them manually on files or directories that needed them. Hm,
and I think there was a default ACL in a directory, which was used by files
created in it.

Regards,
	-is