Subject: Re: ACL
To: None <wojtek@wojtek.from.pl>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: tech-kern
Date: 04/03/2001 17:12:29

On Tue, Apr 03, 2001 at 08:32:13PM +0200, wojtek@wojtek.from.pl wrote:
> > I would like to use ACLs on NetBSD.  For example, on a CVS server which
> > hosts multiple projects with many different groups of people, I could
> > allow the right persons to access the projects they are working on and
> > keep the others out.  Now I have to create a separate group for every
> > project and add the relevant users to all groups they need to belong to.
> 
> What's bad in it?!
>
> I'm using such a method in other things.

That there exist limits on the number of groups available on a
system (which is, admittedly, astronomically high) and on the number
of groups to which a given user can belong (which is painfully low).
chgrp halfway solves this problem, but it's a mighty clumsy solution.

Also, ACLs provide finer-grained control even within a given CVS
repository. And they are controllable by users, who do not have
access to /etc/group.

I use Solaris's ACLs for programming projects with other students
on the computer science systems at my college. Granted, I am also a
system administrator and *could* create a group for every project I
do as a student, but that's not true for all students, who must (and
frequently do) use ACLs for this process.

> I can't see this "simplicity".

Then you've never tried to do serious work on a system where you
didn't have root. /etc/group is NOT the answer in this situation.
ACLs are.

       ~ g r @ eclipsed.net