Subject: Re: ACL's revisited
To: Wojciech Puchar <wojtek@wojtek.3miasto.net>
From: Luke Mewburn <lukem@wasabisystems.com>
List: tech-kern
Date: 08/24/2001 16:49:30

On Fri, Aug 24, 2001 at 08:41:02AM +0200, Wojciech Puchar wrote:
> > Subject: Re: ACL's revisited
> >
> > Wojciech Puchar wrote:
> >
> > > NetBSD is unix. unix don't need ACL's.
> >
> > Nor does it need networking, log structured file systems, a modern VM
> > subsystem or so many other things I can't even begin to enumerate them.
> 
> no.
> 
> ACL were known before first BSD. but it was not used because SMARTER
> method of ensuring access right were invented - unix permission system

Please enumerate why you consider the UNIX permission system smarter
than ACLs for all environments?  Be careful in your answer; a lot of
people here have MUCH more experience than you at running large
systems, and will highlight flaws in any specious arguments.

For example, have you ever tried to provide fine grained access
controls to files in a large system with many thousands of users?
You can't just create a group every time you want to do something,
as you quickly run into issues such as the NGROUPS_MAX limit of 16
secondary groups. You can't bump NGROUPS_MAX past 16 if you use NFS.
Only root can create new groups. (etc etc).

Luke.
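
The group-per-access-set problem raised in the message above, as an added example that is not part of the original post: it models emulating per-file access lists with one UNIX group per distinct set of users, then reports which users would exceed the 16 secondary groups quoted above. The paths, user names and helper functions are constructed for illustration, and the model is simplified to one shared group per file.

```python
from collections import defaultdict

NGROUPS_MAX = 16  # secondary-group limit quoted in the message above


def groups_needed(file_acls):
    """Assign one emulation group to each distinct multi-user access set.

    file_acls maps a path to the set of users who should have access.
    Files with an identical user set share a group; files used by a
    single user need only the owner bits and get no group.
    """
    groups = {}
    for path in sorted(file_acls):
        members = frozenset(file_acls[path])
        if len(members) > 1 and members not in groups:
            groups[members] = f"acl{len(groups):04d}"  # hypothetical group name
    return groups


def membership_counts(groups):
    """Count how many emulation groups each user ends up in."""
    counts = defaultdict(int)
    for members in groups:
        for user in members:
            counts[user] += 1
    return dict(counts)


def over_limit(file_acls, limit=NGROUPS_MAX):
    """Return {user: group_count} for users whose count exceeds the limit."""
    counts = membership_counts(groups_needed(file_acls))
    return {user: n for user, n in counts.items() if n > limit}


def sample_acls():
    """Constructed input: alice shares one file with each of 20 teammates."""
    acls = {f"/proj/{i:02d}/plan.txt": {"alice", f"user{i:02d}"} for i in range(20)}
    acls["/proj/00/notes.txt"] = {"alice", "user00"}  # same set, reuses a group
    acls["/home/bob/private"] = {"bob"}               # single user, no group
    return acls


if __name__ == "__main__":
    acls = sample_acls()
    print(len(groups_needed(acls)), "groups needed")
    for user, n in sorted(over_limit(acls).items()):
        print(f"{user}: {n} groups exceeds NGROUPS_MAX={NGROUPS_MAX}")
```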