On Wed, Aug 24, 2005 at 12:36:40AM +0200, Vincent Caron wrote: > > A drawback of ACLs is that when a user quits a project, the whole > > projects need to be setfacl'd to remove the user from all the > > ACLs. However, you'll note that the group model does not fix this > > issue either: if a user is owner of a CVS directory, for example, he > > still can commit in it even if he's not part of the group anymore. So > > apparently chown/setfacl when a user leaves if a necessary constraint. > > True. CVS could be patched for this, most of the time it is desirable > that the owner of a file be made irrelevant, it could be forced to > 'nobody'.
It's not about files, but directories :) CVS "changes" files by removing and adding them, not by modifying them. I think though that CVS should not be patched when it comes to security. That's unauthorized access. Oppose that to data integrity, eg when authorized users try to change the history of the RCS files - in that case, CVS is the one in charge of enforcing his laws. > We're rather interested in distributions evolution, since we seek for > the lowest maintenance effort. I wonder what is NGROUPS_MAX in Linux and > Debian Sarge, and which packages are properly updated. Well the good news is that Debian testing and unstable use 65536(!) :) - cf. /usr/include/linux/limits.h. I made a successful test with 100 groups on my Debian testing box. The bad news is that stable is still sticking to bad old 32 :[ Do you have some other distros under the hand to test? -- Sylvain _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
