Why couldn't Transarc use ACLs on pts entries to allow system
administrators to implement whatever type of policy they wanted with
respect to groups within groups?

Example:

    $ pts creategroup user:group user
    group user:group has id -1582
    $ pts setacl user:group smith all user:group ru
    $ pts listacl user:group
    Access list for user:group is
    Normal rights:
        user arugdGO
        smith arugdGO
        user:group ru

where aurwg is

        a = administer (can change the ACL)
        r = read (see the membership of the group)
        u = user (can add normal users to the group)
        g = group (can add groups you own to the group)
        G = Group (can add any group to the group)
        d = delete (can delete users/groups/Groups from the group)
        O = other (this group can be made a member of some other group)

It seems to me that since we have these groups and ACLs, why not use
ACLs to control the groups themselves? We could then construct just
about any administrative arrangement we needed.

-------------------------------------------------------------------------------
Bill Fithen
Manager of Networked Information Services
Computing and Information Services/University Library System
University of Pittsburgh
271 Hillman Library
Pittsburgh, PA 15260

How to contact me (in order of priority of replies):
        Email:      [EMAIL PROTECTED]
        Voice mail: (412) 624-6409
        FAX:        (412) 648-7887
        Voice:      (412) 648-7753
-------------------------------------------------------------------------------
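
Added example, not part of the original message and not AFS code: a toy Python model of the per-group rights proposed above, evaluated against the ACL from the listing. Assumptions: nested membership expands recursively, an actor must hold O on a group to nest it elsewhere, and the member "jones", the user "brown" and the group "smith:staff" are constructed for illustration.

```python
# Added illustration: a toy model of the per-group ACLs proposed above (not AFS code).
GROUPS = {}  # group name -> Group

class Group:
    def __init__(self, name, owner):
        self.name, self.owner = name, owner
        self.members = set()                  # names of users or of other groups
        self.acl = {owner: set("arugdGO")}    # creator gets all rights, as in the listing
        GROUPS[name] = self

def is_member(user, gname, seen=()):
    """Transitive membership; assumption: nested groups expand recursively."""
    if gname in seen:                         # stop on membership cycles
        return False
    members = GROUPS[gname].members
    return user in members or any(
        m in GROUPS and is_member(user, m, seen + (gname,)) for m in members)

def rights(user, gname):
    """Union of the user's own ACL entry and entries naming groups the user is in."""
    held = set()
    for principal, granted in GROUPS[gname].acl.items():
        if principal == user or (principal in GROUPS and is_member(user, principal)):
            held |= granted
    return held

def may_add(actor, target, new_member):
    """May `actor` add `new_member` (user or group name) to group `target`?"""
    held = rights(actor, target)
    if new_member not in GROUPS:
        return "u" in held                    # u: add normal users
    # Assumption: the actor must also hold O on the group being nested.
    if "O" not in rights(actor, new_member):
        return False
    owns = GROUPS[new_member].owner == actor
    return "G" in held or ("g" in held and owns)  # G: any group, g: owned groups only

# Constructed sample state mirroring the listing in the message.
ug = Group("user:group", "user")
ug.acl["smith"] = set("arugdGO")
ug.acl["user:group"] = set("ru")
ug.members.add("jones")                       # constructed member
Group("smith:staff", "smith")                 # constructed second group

if __name__ == "__main__":
    for who, what in [("jones", "brown"), ("jones", "smith:staff"),
                      ("smith", "smith:staff"), ("user", "smith:staff")]:
        print(who, "adds", what, "->", may_add(who, "user:group", what))
```

Under these assumptions a member of user:group inherits only "ru" from the self-referencing ACL entry, so members can list the group and add users but cannot nest groups or change the ACL.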