On Thu, 21 Sep 2000, Alexander Skwar wrote: > On Thu, Sep 21, 2000 at 10:58:28AM -0600, Stephen Bosch wrote: > > Buchan Milne wrote: > > > > > > Wherever possible I avoid Microsoft filesystems. > > > > > > NTFS is not that bad. It supports ACLs which linux does not yet. The > > > biggest problem is that very few Windows (NT) users know/care about file > > > permissions. > > > > NT's file access control is, if you ask me, a complete disaster -- of > > course, it's not entirely the fault of the filesystem; it may have more to > > do with NT's lousy security token model. > > Well, I actually disagree. In the Unix world you can only be in one group > at a time. This can be a real obstacle. Let's say you want to write a file > that you read a file from /dev/ttyS0, with the standard (?) ownership of > root.tty and 660 and you want to write it to a directory where only your > group has write permissions. What to do? Sure, you may make a backup file > in your home dir, but that's not comfortable at all. > > With the NT ACL this wouldn't be a problem as you can be in multiple groups > at a time or because the user is explicetily <sp?> listed for a dir. > Umm...actually I thought the redhat security model (which was admittedly changed a bit by Mandrake) covered that....put the sgid bit on the group directory, set everybodies umask to 002 and make sure every users primary group is unique with only the user as a member. That lets everyone with a secondary group of (say) accountants access any files created in teh directory with the accountants group SGID bit set on the directory. Actually...while were on the subject...is this a workable model? anyone had problems with it?
Keep in touch with http://mandrakeforum.com: Subscribe the "[EMAIL PROTECTED]" mailing list.
