You can do things like this:

For file.txt, willg and dustinp have read/write access to it. The admin group and the wheel group have read/write access to it. The users group only has read access to it. Users ray and brad, even though they're in the users group, are explicitly denied any access to the file.
Try doing that with standard Unix permissions, without creating a new group just for that file. When you have to do stuff like that for lots and lots of files, standard Unix permissions fail miserably. And that's not even mentioning inherited rights (or blocking inherited rights).

NetWare and VMS have similar file access control capabilities. Unix (Solaris/AIX) has had it for a long time, and it's a fairly recent (past few years) addition to Linux. However, I have not seen ACLs used on Unix/Linux very much.

I think the ntfs kernel module just doesn't know enough about the filesystem to do stuff like that. The module has been around for years, and it's just recently that it seems safe to write to NTFS. I know ntfs write support was marked EXPERIMENTAL in the kernel source for years and years... not sure what its current status is.

No doubt there are patent issues, but I think NTFS may be too complicated/convoluted and MS does not provide enough documentation of the internal NTFS structures. That in mind, the ntfs guys have done a pretty good job at reverse engineering it.

ray

On Fri, 28 Jan 2005, Will Hill wrote:

> I'd like to know about that access control. What makes it better than the
> usual ugw, rwe bits respected by a hardware managing kernel? If it's really
> nifty, have any free software projects made use of it? You would think that
> ntfs kernel modules would pass the goodies on unless the goodies had some
> kind of silly patent.
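
The file.txt scenario from the message above, expressed as a POSIX-style ACL and run through a simplified version of the access check described in acl(5). This is an added example, not part of the original email; POSIX ACLs have no separate deny entry, so the denial for ray and brad is modeled as a named-user entry with no permissions, which is checked before any group entry. The owner `root`, `admin` as the owning group, and the users alice, carol and mallory with their group memberships are constructed assumptions.

```python
# Simplified model of the POSIX.1e ACL access check (see acl(5)).
R, W = 4, 2

# ACL for file.txt as described in the message. The owner "root" and
# the choice of "admin" as owning group are assumptions.
ACL = {
    "owner": ("root", R | W),
    "users": {"willg": R | W, "dustinp": R | W, "ray": 0, "brad": 0},
    "owning_group": ("admin", R | W),
    "groups": {"wheel": R | W, "users": R},
    "mask": R | W,
    "other": 0,
}

# Constructed group memberships for the sample users.
MEMBERSHIP = {
    "willg": {"users"},
    "ray": {"users"},
    "brad": {"users"},
    "alice": {"users"},
    "carol": {"wheel", "users"},
    "mallory": set(),
}


def allowed(acl, user, groups, want):
    """Return True if `user` (member of `groups`) gets all bits in `want`."""
    owner, owner_perms = acl["owner"]
    if user == owner:                       # 1. owner entry, not masked
        return (owner_perms & want) == want
    if user in acl["users"]:                # 2. named user entry wins over groups
        return (acl["users"][user] & acl["mask"] & want) == want
    group_entries = dict(acl["groups"])     # 3. owning group + named groups
    owning_group, owning_perms = acl["owning_group"]
    group_entries[owning_group] = owning_perms
    matching = [p for g, p in group_entries.items() if g in groups]
    if matching:
        # Any single matching group entry that grants everything is enough.
        return any((p & acl["mask"] & want) == want for p in matching)
    return (acl["other"] & want) == want    # 4. everyone else


if __name__ == "__main__":
    for name, groups in MEMBERSHIP.items():
        print(name, "read:", allowed(ACL, name, groups, R),
              "write:", allowed(ACL, name, groups, W))
```
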
