On Saturday, February 12, 2011 09:02 PM, Natxo Asenjo wrote: > On Sat, Feb 12, 2011 at 3:38 AM, Drew<drew.kay at gmail.com> wrote: >>> RHEL and CentOS have much, much tighter basic privilege handling. The >>> complexity of the NTFS ACL structure, for example, is so frequently >>> mishandled that it's often ignored and simply dealt with as >>> "Administrator". The result is privilege escalation chaos. >> >> And how is the user-group-world permissions system any better? >> >> I work daily with both *nix& NTFS ACL's and given the choice I prefer >> NTFS' for the finer grained control. >> >> You want to create a folder in which user A& B have access to but >> nobody else? In *nix you create a group that both those users belong >> to and set the folder to use that group's permissions. In NTFS you set >> the ACL's so those two users have (almost) full access to the folder. >> Simple enough. > > in unix you can use acls as well. See getacl/setacl. No sweat. > > Anyway, neither in windows nor in unix/linux you want to specify > permissions on a per user level. Always groups. If the user leaves the > company and the permissions are on a per user level you need to start > all over again. If on a per group level, just disable/remove the user > from the group and it keeps working for the rest of members. And what do you do when you have cases that a user needs access to these set of files/directories but not all the files/directories the group has access to?