On 4/25/07, Ricardo Nabinger Sanchez <[EMAIL PROTECTED]> wrote:
> On Wed, 25 Apr 2007 03:00:07 -0300
> "Lucas C. Villa Real" <[EMAIL PROTECTED]> wrote:
>
> > Is that really needed, as we have the 'users' group common to
> > everyone? I would vote for removing it, but I'd just like to hear your
> > opinion first.
>
> It's not needed, and may even hurt manageability.  IIRC a user may be
> part of up to 16 groups, after that only ACL "works".
>

A quick google turns up:
http://www.uwsg.iu.edu/hypermail/linux/kernel/0408.0/0535.html  In a
nutshell, Andrew Morton says "2.6 kernels support up to 65536 groups
per user".  There is a reply saying NFS has problems but I can't
imagine why.  NFS should just report the group and the kernel should
handle group membership/access control.

Why is it better?  It allows users finer-grained access control.  They
can share with a subset of users versus all of them.  See "man
gpasswd" on how users can manage /etc/groups without root.  Right now,
users aren't administrators of their group so the advantages really
aren't there by default but that just needs to be added to AddUser.

From a practical standpoint it isn't that big of a deal.  Most GoboLinux
systems are small with few users and the primary user has root.  The
admin overhead of creating special groups for fine access control is
small.  For larger systems, individual user groups save a lot of
admin work when needed.  I tend to think towards larger systems from my
university and consulting days.

I still vote for keeping individual groups.  All user accounts should
also be a member of users (which isn't happening).  I'd also like
better distinction between user and system accounts and groups.

-- 
Carlo J. Calica
_______________________________________________
gobolinux-devel mailing list
gobolinux-devel@lists.gobolinux.org
http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
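
Added example, not part of the original message or of GoboLinux's tools: a small audit of the layout the message argues for, where every non-system account has its own group and is also a member of 'users'. The passwd/group contents are constructed sample data, the function names are hypothetical, and the UID cutoff of 1000 for system accounts is an assumption.

```python
# Constructed sample data in passwd(5) / group(5) format; not from a real system.
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/:/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/zsh
bob:x:1001:100:Bob:/home/bob:/bin/zsh
carol:x:1002:1002:Carol:/home/carol:/bin/zsh
"""
GROUP = """\
root:x:0:
daemon:x:1:
users:x:100:alice
alice:x:1000:
carol:x:1002:bob
"""
UID_MIN = 1000  # assumption: UIDs below this are system accounts

def parse_group(text):
    """Map gid -> (group name, set of supplementary members)."""
    groups = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _pw, gid, members = line.strip().split(":")
            groups[int(gid)] = (name, set(filter(None, members.split(","))))
    return groups

def audit(passwd_text, group_text, shared="users", uid_min=UID_MIN):
    """Return {user: [issues]} for accounts that break the layout."""
    groups = parse_group(group_text)
    accounts = [(f[0], int(f[2]), int(f[3])) for f in
                (l.strip().split(":") for l in passwd_text.splitlines() if l.strip())]
    shared_gid, shared_members = next(
        ((g, m) for g, (n, m) in groups.items() if n == shared), (None, set()))
    findings = {}
    for name, uid, gid in accounts:
        if uid < uid_min:
            continue  # system account, out of scope for this check
        issues = []
        gname, members = groups.get(gid, (None, set()))
        if gname != name:
            issues.append("primary group is not a per-user group")
        else:
            # Anyone else with this primary gid or listed as a member shares it.
            others = (members | {n for n, _, g in accounts if g == gid}) - {name}
            if others:
                issues.append("per-user group also contains: " + ", ".join(sorted(others)))
        if gid != shared_gid and name not in shared_members:
            issues.append(f"not a member of '{shared}'")
        if issues:
            findings[name] = issues
    return findings
```

Call audit(PASSWD, GROUP) to see the result for the sample data; extra members in a per-user group are reported rather than rejected, since sharing with a chosen subset of users is the point of such groups.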