> without it, a lot of procedure is required to restrict access to > some services.
A couple more motivating examples: * I don't really want random users to be able to cpu into my file server and (accidentally) run it out of RAM and swap--but I do want "certain people" (maybe even a group) to log in and do maintenance. * If I have an auth server which is a standalone machine, I want very few people to be able to do *anything* to it. This could be the same case as the file server, except that specifying a group (e.g., "sys") as defined by a file server on a different machine is going to be a little harder, right? Dave Eckhardt
