Slashdot Mirror

← Back to Stories (view on slashdot.org)

FreeBSD Access Control Lists

Posted by michael on from the chmod-777-much-easier dept.

BSD Forums writes "The Unix permissions model has worked for decades due to its flexible simplicity. It's not the only approach, though. FreeBSD 5.0 supports Access Control Lists, which allow for more flexible permissions. Daniel Harris explains what ACLs can make easier."

2 of 108 comments (clear)

  1. Re:Management cost vs. flexibility by Paul+Jakma · · Score: 4, Interesting

    Well, the answer is to assign the permission to a group, not to Bob directly. But, drat, then you are back to using groups. :)

    The prime problem which ACLs solve or rather work-around, is that users:

    - have no way to specify their own collection of users (they have to ask the admin to create a group)

    AND

    - a user can not chgrp a file to any group of which they are not a member (security)

    ACLs provide normal users a means to assign permissions to files by arbitrary users, and (iirc) arbitrary groups. But they are, as you point out, a management nightmare - while being a feature very few people actually need.

    --
    I use Friend/Foe + mod-point modifiers as a karma/reputation system.
  2. ACL's rock. by craig2787 · · Score: 4, Interesting

    I had a directory that I wanted 777 for all but user www. The solution was simple with ACL's; it eliminated the need for adding a new group for one measly dir.

    Go ACL's!