On Thu, Jun 26, 2003 at 11:43:40AM -0400, Carson Gaspar wrote: > > > --On Thursday, June 26, 2003 1:16 AM -0700 jw schultz <[EMAIL PROTECTED]> wrote: > >>Impossible with simple user/group permissions. > > > >Not impossible. I've done that sort of thing many times. > > > >-rwxr-x--- 1 charlie cdab 3658 Jan 20 17:35 . > >-rw-rw-r-- 1 charlie david 3658 Jan 20 17:35 the_file > >Or so you don't need root to "chgrp david the_file" > >-rw-rw-r-- 1 charlie charliedave 3658 Jan 20 17:35 the_file > > And how does the group charliedave get created? And what happens when you > need to add Ed to the list?
Just like all other groups. I only called it that because you did not define why this was only charlie and dave. I pity those who's permissions decisions are capricious. > I cede the point of it being possible. That's what comes from writing > technical e-mail late at night ;-). It's still horrific and unmanageable. Subjective. I find no horror in it and easy to manage but long ACLs the opposite. > >You will find that most definitions of ACLs--including > >POSIX--only allow you to grant access, not revoke it. > > Then those ACLs are just plain broken. Solaris ACLs definitely allow you to > revoke privileges (by granting mode 0000 to a user/group). I did overstate it, my error. You can block a user by creating a matching ACL_USER entry. Just be careful of unintended consequences of a user matching multiple ACL_GROUP entries which are effectively ored. And heaven help you if something causes the ACLs to be dropped. -- ________________________________________________________________ J.W. Schultz Pegasystems Technologies email address: [EMAIL PROTECTED] Remember Cernan and Schmitt -- To unsubscribe or change options: http://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html