On Mon Oct 27 12:34:58 EDT 2014, lu...@proxima.alt.za wrote: > > one does not have to put eve in adm or especially sys. in fact, i think > > this > > makes one's system significantly less secure. > > It's complicated, in that access controls are enforced by distinct > entities with potentially very distinct criteria. Trying to conceive > all possible combination of clients, servers and third-party > authenticators can lead to massive migraines.
it's not complicated. permissions work like unix. there is simply a lack of the unix requirement that the owner of the file server be the owner of the cpu server. certainly one could require different creds for the same user on every host, but we don't do that. - erik
