From owner-freebsd-questions@FreeBSD.ORG Fri Feb 13 05:52:32 2009
From: Chuck Swiger
To: Da Rock
Cc: freebsd-questions@freebsd.org
Subject: Re: Old user can't log in
Date: Thu, 12 Feb 2009 21:52:31 -0800
In-reply-to: <1234500741.13067.111.camel@laptop1.herveybayaustralia.com.au>
References: <325E4EC8-BD2B-45C1-978C-4922D16D3A94@identry.com>
 <9391FD2D-59ED-455A-8C87-2854C7EF1E52@mac.com>
 <1234498626.13067.96.camel@laptop1.herveybayaustralia.com.au>
 <470E75B0-C7E9-4F05-A112-62DF01F1EA1D@mac.com>
 <1234500741.13067.111.camel@laptop1.herveybayaustralia.com.au>
List-Id: User questions

On Feb 12, 2009, at 8:52 PM, Da Rock wrote:
>> With reasonable organization, and appropriate use of sudo or setgid
>> binaries for things like people who use SVN or CVS, there generally
>> isn't reason or need for a user to be in so many groups.  For the
>> exceptional cases, switching to using a full ACL system rather than
>> the traditional Unix permission model is probably going to be a better
>> solution.
>
> Interesting. What would you suggest for full ACL?

Well, it depends on what you're doing in terms of user requirements
and systems (i.e., are the FreeBSD boxes fileservers, clients, or both?),
but the stuff which comes with FreeBSD is documented in acl(3),
getfacl, setfacl, etc.

Other choices might involve something like the Andrew File System /
Transarc DFS stuff, or Windows Active Directory and Samba/CIFS on the
FreeBSD boxes....

Regards,
-- 
-Chuck