alan at linuxholdings.co.za
Sat Apr 29 19:29:19 UTC 2006
On Saturday 29 April 2006 08:40, Michael T. Richter wrote:
> On Sat, 2006-29-04 at 02:30 +0000, William Grant wrote:
> > > I can go right down into the nitty-gritties, in Windows (NT+),
> > > and say "this file is only readable to this one user, only
> > > executable by this one other user, can be write-appended (but
> > > not read) by this group of users and can be read/write accessed
> > > by this other group over here". Nothing in sudo/chroot/et al
> > > gives me anywhere near that level of security control unless I
> > > include an add-on that's subverted by half the utilities out
> > > there.
> > Hmm. I could have sworn that I used such things on my Linux
> > server constantly. Or am I imagining getfacl and setfacl?
> Another bolding. I just downloaded the acl utilities from
> universe. Where's the "write-append" access? Even with the acl
> extensions in place you still can't match the functionality that is
> in Windows NT-based systems out of the box.
Why do you want that fine level of control? I've yet to see a valid
case where such fine control on a file system is truly indicated.
I see what you are getting at - being able to allow/disallow specific
actions on file by file basis. But keep in mind that each new
combination of facility/control doubles the number of settings, and
this very quickly gets out of hand and becomes a maintenance
headache. Witness the number of Windows boxen where the user runs as
an admin just to get their work done. Yes I know there are ways to
avoid this, but how many people really do it? Reading between the
lines I suspect you do, but that'll make you one of a very few that I
know of to have made that claim.
Very fine grained control is very useful in a database for example,
where the data domain being stored is narrowly defined. But in
something as generic as a file system I don't see it being used much
outside of very specialized needs. And just because something can be
done doesn't mean it should be done.
If you want write-append access, ext2 implements an append-only
If only you and dead people understand hex,
how many people understand hex?
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
More information about the ubuntu-users