From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: To: 9fans@cse.psu.edu Subject: Re: [9fans] group permission From: "Sascha Retzki" Date: Mon, 31 Jul 2006 22:37:59 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Topicbox-Message-UUID: 950d1438-ead1-11e9-9d60-3106f5b1d025 Got a nice collection... > For the rest of the world, collaboration facilities must be managed as > offices are managed. The ACL is analogous to the list of individuals who > have keys to a particular facility. In this situation the teacher needs > to own and control the drop slot, a "device" within the office to which > he/she controls the ACL and into which users can place files that can > only be read by the owner/manager of the room. Relying upon users to > create and manage groups for this kind of thing is not realistic. I think the 'group owner' is the one you are looking for. Besides chgrp allowed for regular users, I still think the group-owner-thing rocks and it should be there. (I actually just read about 'group owners' once, loved the idea, and expected the tools to exist.. they don't? :(( ) > There is another solution. > > Bob can create a directory, say /bob/submit, > and make it group bob and mode 777. > Then alice and carol can each run > mkdir /bob/submit/$user > chmod 770 /bob/submit/$user > and put their files in that new directory, > which is owned by them but has group bob. I don't think that is a solution - but a nice workarround ;) (Not to think about explaining two pupils, office clerks, $whatever for the millionth time how that actually works) > Nothing terrible might happen but the current design is a > well-considered choice. I'd like to be won over by a technical > argument before sanctioning a change. I think creating a real interface instead of making the users use 'tricks' is simply the right thing. At least to a certain degree. Yes I agree, that 'degree' may be something different to you ;) If that does not satisfy you: Maybe that sounds stupid, but what is a 'technical' argument then? > Maybe it's a holdover from Unix worth > getting rid of. It's almost certainly a one-line change > to fossil. great. :) > The right solution is probably a way to talk to a file > server to create a new group (owned by the > user who created it) and also to edit existing groups, > subject to the documented permissions. Sorry, one last thing: There must be an intermediet step that I miss, why create new groups (is that a DoS? Create new groups in a for-loop, named pretty much the same, to make maintaince-time extra expensive?)? Mfg, Sascha