I know what ACLs are and I have used them in Windows AD and with OpenLDAP quite extensively. I am not convinced that they are useful in Linux. You do not have to use ACLs with SELinux. I have never come across them being used in production or live systems. I was looking for examples as my experience with POSIX acls was that they were not properly integrated. Some utilities were unaware of them and ignored or overrode them.
On Wed, Nov 30, 2011 at 12:01 AM, Valery Shaevitch <[email protected]>wrote: > For an easier search :: > http://www.google.ca/search?gcx=c&sourceid=chrome&ie=UTF-8&q=Access > +Level+Control+%2B+SElinux > > Val > > On Tue, 2011-11-29 at 23:41 -0500, Valery Shaevitch wrote: > > Tricia, hi > > Well, first of all, (I guess you do) you should understand ACL = Access > > Level Control > > > > If you use SElinux (Security Enhaced Linux), then you you MUST than you > > must use ACL, first understanding how it works. > > Well, a small example is a Windows platform (2003 and later) where you > > may create groups or users by their properties (read permissions) > > Well, it is not like ususal Unix*s 777 or 0755 or whatever comes here > > but it is pretty similar. > > The strange (for me) fact that I've got the idea how it works > > was a job exercise where I should've create a bunch of users > > in M$ server 2008 with different access levels. (that was in Hitachi) > > Look at the net, search google for ACL or Access Level Control + SElinux > > > > I've got a lot of help there ))) > > > > Wish you luck > > > > Val > > > > > > On Tue, 2011-11-29 at 23:27 -0500, Patricia Campbell wrote: > > > Thanks for the reply. I'm not sure what you mean by "if you need them > > > they are the only way" can you elaborate? > > > > > > On Tue, Nov 29, 2011 at 9:47 PM, Hroðgard Skjöldung > > > <[email protected]> wrote: > > > Hi, > > > I have used them several times in different environments. > > > If you need them, they are the only way... > > > > > > Caveat: I suggest anyone using them should be very familiar > > > with managing complex groups, the use of permissions, sticky > > > bits etc. --One painful example I heard of recently was a > > > site containing thousands of ACLs on files that were already > > > covered by the enclosing directory. The number of ACLs & > > > inodes will be the only real limit to look at.. > > > > > > ie: if you have permissions granted by a directly, the files > > > inside only need to have world access ( for w r or x what ever > > > you need ) this can save lots of over head > > > > > > > > > Nota bene, compatibility with other ACL is a bit of a pain, if > > > you are sharing with windows you may look at CIFS instead. > > > NFS was a pain, but I think those bugs are mostly fixed now. > > > > > > > > > Gluck! > > > Hro > > > > > > > > > > > > On 2011-11-29, at 8:02 PM, Patricia Campbell wrote: > > > > > > > Does anyone out there use them ? Or have you heard of > > > anyone using them, or where they are useful? > > > > > > > > -- > > > > ___..___........__.......__ > > > > ...|....|__/....|...|......|...|__| > > > > ...|....|.....\...|...|__..|...|....| > > > > > > > > "You must be the change you wish to see in the world." > > > Mohandas K Gandhi > > > > > > > _______________________________________________ > > > > mlug mailing list > > > > [email protected] > > > > > > > > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > > > > > > _______________________________________________ > > > mlug mailing list > > > [email protected] > > > > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > > > > > > > > > > > > > > > -- > > > ___..___........__.......__ > > > ...|....|__/....|...|......|...|__| > > > ...|....|.....\...|...|__..|...|....| > > > > > > "You must be the change you wish to see in the world." Mohandas K > > > Gandhi > > > _______________________________________________ > > > mlug mailing list > > > [email protected] > > > > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > > _______________________________________________ > mlug mailing list > [email protected] > https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca > -- ___..___........__.......__ ...|....|__/....|...|......|...|__| ...|....|.....\...|...|__..|...|....| "You must be the change you wish to see in the world." Mohandas K Gandhi
_______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
