On Wed, March 3, 2010 10:23, Paul B. Henson wrote:
> On Wed, 3 Mar 2010, David Dyer-Bennet wrote:
>
>> It's the normal way to do it; not sure where in the Linux world it arose,
>> but I first saw it in some early distribution.  It's done automatically by
>> "adduser".   In my perception, it's "best practice".  So the question is,
>> why do you NOT want to do it?
>
> It's the "historical" way to do it. Best practices change over time. As
> I've already indicated, I would get no benefits from such a practice, and
> it would result in 70000 extra unnecessary groups in my environment. It
> used to be common practice to leave your smtp servers as open relays, would
> you have argued against locking them down because implementing smtp
> authentication was too hard for you? It used to be common practice to
> access servers via telnet, would you have argued against the deployment of
> ssh because you didn't want to learn how to configure it? Your basic
> premise in this argument seems to be that the tools to create a pure-ACL
> environment shouldn't be made available to anyone because you don't
> understand ACL's, they're too hard (for you) to use, and you would have to
> change how you do things.

I don't think it will work as well for you as you think it will; I think
you'll then find yourself complaining that backup systems don't work, and
indexing systems don't work, and this doesn't work, and that doesn't work,
all because you've broken the underlying model.  And I have a definite
fear that it'll end up impacting me, that "not using it" won't be as clear
an option as you think it will.

And I'm pretty sure I've said considerably more than is really necessary,
at this point, so I will try very hard to avoid getting sucked back into
this discussion, at least with just the same old opinions.
-- 
David Dyer-Bennet, d...@dd-b.net; http://dd-b.net/
Snapshots: http://dd-b.net/dd-b/SnapshotAlbum/data/
Photos: http://dd-b.net/photography/gallery/
Dragaera: http://dragaera.info

_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
