Quoting Piotr Wadas <[EMAIL PROTECTED]>: >> I think this is the very important part here -- deprecated and discouraged. >> I'd argue that long term, ACI support should be removed entirely (perhaps for >> 2.5?). The entire concept of ACI's is broken. >> > > Is it really so bad? I mean, I actually don't now, you're probably > right if you say so, anyway I'd really regret such feature to be > discontinued. I was testing it very long ago, and, nevertheless its > complexity and its experimental flavour, the concept itself > was very exciting.
I've been using it successfully for years on my production machines. Granted, it's a mess to work. But so is everything if you don't have the right tools... > I was hoping someday this will be implemented > in tested/documented and stable version. So did I. > Imagine that someone could say, that "the entire priviledges and > ownerships concept in Unix is broken", wouldn't that sound a little > bit em. weird? :) No, because 'everyone' have said it for years :) That's why they invented ... whats-the-module that do ACL in filesystems... Haven't compiled a kernel in quite a while, but there IS an option (and have for quite a number of years) that gives MORE (MUCH more) control to the administrator. And in AFS (which I use extensivly), there's ACL's as well... UNIX access control is _horribly_ broken. BUT, and I would like to plea to the OL developers. Don't remove something like OpenLDAPaci without having a replacement! Even though it might be bad, it's the only thing usable (I'm not going with the ACL because _that_ I find broken! :). Static access control!? You got to be kidding... > what could do the work > better than such (actually simple in its basics) concept ? Basically anything for someone with a dynamic environment... But let's not go there...
