[CentOS] SELinux - way of the future or good idea but !!!
John Hodrien
J.H.Hodrien at leeds.ac.uk
Mon Nov 29 15:53:53 UTC 2010
On Mon, 29 Nov 2010, Les Mikesell wrote:
> On 11/29/2010 7:35 AM, Adam Tauno Williams wrote:
>>
>> Even if it is *possible*, the traditional UNIX permissions are a serious
>> *PAIN*. If you want two users to have rw- to a file you... create a
>> group of two users???
>
> Yes, there is nothing simpler than a group to represent a group of users.
>
>> You end up with a zillion groups - which is
>> pointless and unmaintainable. Thank goodness for ACL support and
>> setfacl/getfacl.
>
> So what do you do when you have user-specific ACLs splattered randomly
> through the filesystem and the members of the cooperating groups change?
If userA wants to share a file with userB, they use an ACL, or they need root
assistance. That's the ad-hoc case, and it works much better using ACLs than
using groups. For the planned case you describe, you create a group in your
central directory.
It's much the same under windows.
jh
More information about the CentOS
mailing list