First just a short reminder to everybody:
Linux is Free (and *BSD as well) --
Itches will be scratched, eventually
Window, BeOS, .... are not --
wait for some benevolent vendor to scratch you itches
And now to more interesting technical issue:
On Tue, 03 Jun 2003 07:28:17 +0300
Shachar Shemesh <[EMAIL PROTECTED]> wrote:
> For those reasons I am, personally, against adding ACL support to
> Linux. Shame on me, for I am opposing B based on my experience with
> A, while I have not looked at B. That's why I'm mostly silent about
> this.
Actually, it's a very good point. The ACL model sucks because it tries
to protect individually each and every file on the system (modern ACL
schemes mitigate this problem by providing ACL "inheritance").
If you think how many files you have in a typical system (not to
mention servers), it's obviously beyond human capacity to manage them
*individually*
That's where the capabilities model excels: Specify what a program or
a procees may do instead of specifying what may be done to a file.
Although this looks like the other side of the same coin, there is
huge difference in the magnitude of the problem -- how many
programs/processes a sys-admin have to manage?
--
Oron Peled Voice/Fax: +972-4-8228492
[EMAIL PROTECTED] http://www.actcom.co.il/~oron
"Those who do not understand Unix are condemned to reinvent it,
poorly." (H. Spencer)
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
