Stewart Stremler([EMAIL PROTECTED])@Sat, Nov 26, 2005 at 12:02:16PM -0800:
> begin quoting Todd Walton as of Sat, Nov 26, 2005 at 11:09:26AM -0800:
> > On 11/26/05, Stewart Stremler <[EMAIL PROTECTED]> wrote:
> > > - "Disdain this business of creating a new group for each
> > > user"
> >
> > Disdain the Unix permissions scheme while you're at it.
>
> Has nothing to do with breaking the 'UID and GID must match'
> meme.
>
> Groups are for groups, not a secondary indicator of ownership.
> Use 'em to _group_ users (this should not come as a brilliant
> insight).
>
> -Stewart "Which isn't to say that standard UNIX perms aren't
> crippled." Stremler

As powerful as RACF is (MVS security product), people still are able to break and abuse it regularly. Being based on ACLs really is a huge benefit, though. The way the mainframers think about password and data security is a little different, though. It is common with Linux to see a group created to provide access to files, and then add a user to the groups that allow appropriate access. Mainframers see groups as defining the function of the person. Everyone belongs to one -and only one- group. Each dataset profile then has an entry defining the type of access for each and every user or group that needs it.

Wade Curry
syntaxman
