From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Thu, 23 Oct 1997 22:26:13 -0500
From: G. David Butler gdb@dbSystems.com
Subject: [9fans] group organization
Topicbox-Message-UUID: 6a98025c-eac8-11e9-9e20-41e7f4b1d025
Message-ID: <19971024032613.b8oLPdhsu3ahV1u8uqTRN7uVHfrNvvlObS8VM83EkAY@z>

From: Scott Schwartz <schwartz@finch.cse.psu.edu>
>
>I hate to raise heretical notions, but I really don't think
>user/group/other works very often, and it's not worth trying to tweak
>it.  If a filesystem object isn't world readable, then 90% of the time
>I want an access control list (maybe just for directories) to specify
>who gets to do what with that file.  Allowing the authentication
>system to put users in multiple catagories, even if you can change
>them easily, doesn't seem to me to be the right solution.

I would like to see an efficient ACL implementation to consider.

Unless you have a large user population with multiple domains of
administration the group concept is simpler and sufficient.  (A
group is just a ACL "macro".)  For my part, I like the tighter
security of P9 over *NIX.  If you have followed the list you will
notice I have tightened it further.  (I have effectively excluded
"none" from "other".)

>"If I want Multics, I know where to find it."
Yes, but is it available in source and does it run on a PC? :->