From mboxrd@z Thu Jan 1 00:00:00 1970 Message-Id: <200306280210.h5S2Am723171@augusta.math.psu.edu> To: 9fans@cse.psu.edu Subject: Re: [9fans] book chapters In-Reply-To: Your message of "Fri, 27 Jun 2003 21:03:38 EDT." <20030628010338.3523.qmail@g.bio.cse.psu.edu> From: Dan Cross Date: Fri, 27 Jun 2003 22:10:48 -0400 Topicbox-Message-UUID: e050ce5e-eacb-11e9-9e20-41e7f4b1d025 > | I haven't, because groups serve nicely as ACLs, > > I disagree. ACLs are things that any user can set on any of their files. > That's the opposite of predefined groups stored on the BOFH's auth > server. I just want to point out that the ability to write user-level file servers allows one to easily implement ACL's at that level. It's not convenient for, e.g., access to a fossil or some similar large fileserver (think of the mess an ACL-enabled overlay would be), but it works for other things. > Do you really want to define groups for all 50000! combinations of users > on PSUVM? I'd rather just attach the access list to the file itself. There are 2^50000 - 1 such combinations (assuming one ignores the group with no one in it); a lot more than 50000!. Besides, I thought PSUVM was gone? I'm out of touch with what's happening in Happy Valley, I guess. > | I wonder if the people who rave about ACLs are actually attached to > | some aspect of a particular implementation, > > The one in Primos (and Multics, I guess) was certainly beautiful, > but it's the actual effect that I'm attached to. I think the major benefit of ACL systems is that most implementations don't require administrator intervention to set up or maintain them (some do). - Dan C.