On Wed, 25 Apr 2007 20:02:11 -0700
"Carlo Calica" <[EMAIL PROTECTED]> wrote:

> A quick google turns up:
> http://www.uwsg.iu.edu/hypermail/linux/kernel/0408.0/0535.html  In a
> nutshell, Andrew Morton says "2.6 kernels support up to 65536 groups
> per user".  There is a reply saying NFS has problems but I can't
> imagine why.  NFS should just report the group and the kernel should
> handle group membership/access control.

Yes, but that also assumes NFS over Linux kernels.  Which isn't always true,
at least in my house.  :)

> 
> Why is it better?  It allows users finer-grained access control.  They
> can share with a subset of users versus all of them.  See "man
> gpasswd" on how users can manage /etc/groups without root.  Right now,
> users aren't administrators of their group so the advantages really
> aren't there by default but that just needs to be added to AddUser.

But adding groups per-user is almost what you get by using ACLs.

> 
> From a practical standpoint it isn't that big of a deal.  Most GoboLinux
> systems are small with few users and the primary user has root.  The
> admin overhead of creating special groups for fine access control is
> small.  For larger systems, individual user groups save a lot of
> admin work when needed.  I tend to think towards larger systems from my
> university and consulting days.
> 
> I still vote for keeping individual groups.  All user accounts should
> also be a member of users (which isn't happening).  I'd also like
> better distinction between user and system accounts and groups.

That's an interesting point, which could be further discussed (it's an
everybody-wins discussion).

Like you, I tend to think about large systems, often much larger than
practically acceptable, and also very heterogeneous (very means not only
Gobo, and even not only Linux).

Even so, I still don't see a point in having per-user groups, instead of
well-defined (and fine-grained) groups, like cdrom, video, mount, sudo (or
wheel), and so on.  My list hardly goes over 30 groups.

Isn't it possible for the 2 options to co-exist?  It may be harder, but I think
it's worth it.

-- 
Ricardo Nabinger Sanchez     <[EMAIL PROTECTED],wait4.org}>
Powered by FreeBSD

  "Left to themselves, things tend to go from bad to worse."
_______________________________________________
gobolinux-devel mailing list
gobolinux-devel@lists.gobolinux.org
http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
