[CentOS] SELinux - way of the future or good idea but !!!

John Hodrien J.H.Hodrien at leeds.ac.uk
Mon Nov 29 10:53:53 EST 2010


On Mon, 29 Nov 2010, Les Mikesell wrote:

> On 11/29/2010 7:35 AM, Adam Tauno Williams wrote:
>>
>> Even if it is *possible*, the traditional UNIX permissions are a serious
>> *PAIN*.  If you want two users to have rw- to a file you...  create a
>> group of two users???
>
> Yes, there is nothing simpler than a group to represent a group of users.
>
>> You end up with a zillion groups - which is
>> pointless and unmaintainable.  Thank goodness for ACL support and
>> setfacl/getfacl.
>
> So what do you do when you have user-specific ACLs splattered randomly
> through the filesystem and the members of the cooperating groups change?

If userA wants to share a file with userB, they use an ACL, or they need root
assistance.  That's the ad-hoc case, and it works much better using ACLs than
using groups.  For the planned case you describe, you create a group in your
central directory.

It's much the same under windows.

jh


More information about the CentOS mailing list