Just a minor point. Don't confuse authentication with authorization. If a
reasonable authentication model (such as Kerberos) is used, I don't think
that ACLs are "safer" than Unix uid + gid list credentials. More flexible
and maybe more appropriate, but not safer.
In other words, NFS's abismal non-authentication using unencrypted Unix
credentials vs. Kerberos vs. whatever is a separate issue than ACLs vs. Unix
authorizations using uid and gid list.
Thanks for finally putting a little controversy on the list, rick
