On Sat, Feb 12, 2011 at 3:38 AM, Drew <drew.kay at gmail.com> wrote:
>> RHEL and CentOS have much, much tighter basic privilege handling. The
>> complexity of the NTFS ACL structure, for example, is so frequently
>> mishandled that it's often ignored and simply dealt with as
>> "Administrator". The result is privilege escalation chaos.
>
> And how is the user-group-world permissions system any better?
>
> I work daily with both *nix & NTFS ACLs and given the choice I prefer
> NTFS' for the finer grained control.
>
> You want to create a folder in which user A & B have access to but
> nobody else? In *nix you create a group that both those users belong
> to and set the folder to use that group's permissions. In NTFS you set
> the ACLs so those two users have (almost) full access to the folder.
> Simple enough.

In Unix you can use ACLs as well. See getacl/setacl. No sweat.

Anyway, neither in Windows nor in Unix/Linux do you want to specify
permissions on a per user level. Always groups. If the user leaves the
company and the permissions are on a per user level you need to start
all over again. If on a per group level, just disable/remove the user
from the group and it keeps working for the rest of the members.

Bonus points if you enable your helpdesk group to administer the
groups and the children folders so you no longer have to waste any
time with this boring stuff.

--
natxo
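
An added example, not part of the original message: one way to audit a tree for the per-user grants the reply advises against, by parsing the text format printed by `getfacl -R` on Linux. The function name and the sample paths, users and groups are assumptions constructed for illustration.

```python
# Constructed sample in the text format printed by getfacl(1); the paths,
# users and groups are made up for illustration.
SAMPLE = """\
# file: srv/projects/alpha
# owner: root
# group: root
user::rwx
user:alice:rwx
group::r-x
group:proj-alpha:rwx
mask::rwx
other::---
default:user::rwx
default:user:bob:r-x
default:group:proj-alpha:rwx
default:mask::rwx
default:other::---

# file: srv/projects/beta
# owner: root
# group: proj-beta
user::rwx
group::rwx
group:helpdesk:r-x\t#effective:r-x
mask::rwx
other::---
"""


def per_user_entries(getfacl_text):
    """Return (path, user, perms, is_default) for every named-user entry."""
    findings, path = [], None
    for line in getfacl_text.splitlines():
        if line.startswith("# file: "):
            path = line[len("# file: "):]
        entry = line.split("#", 1)[0].strip()  # drops headers and '#effective:'
        fields = entry.split(":")
        is_default = fields[0] == "default"
        if is_default:
            fields = fields[1:]
        # Named-user entry is 'user:<name>:<perms>'; 'user::' is the file owner.
        if len(fields) == 3 and fields[0] == "user" and fields[1]:
            findings.append((path, fields[1], fields[2], is_default))
    return findings


if __name__ == "__main__":
    for path, user, perms, is_default in per_user_entries(SAMPLE):
        scope = "default" if is_default else "access"
        print(f"{path}: {scope} ACL grants {perms} directly to user {user}")
```

Default ACL entries are reported separately because they are inherited by everything created under the directory later, so a single per-user default entry keeps reproducing itself.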