Date: Thu, 12 Feb 2009 21:52:31 -0800 From: Chuck Swiger <cswiger@mac.com> To: Da Rock <rock_on_the_web@comcen.com.au> Cc: freebsd-questions@freebsd.org Subject: Re: Old user can't log in Message-ID: <F8CE7DF3-3991-4AB1-9AEA-FB667A82F01C@mac.com> In-Reply-To: <1234500741.13067.111.camel@laptop1.herveybayaustralia.com.au> References: <325E4EC8-BD2B-45C1-978C-4922D16D3A94@identry.com> <9391FD2D-59ED-455A-8C87-2854C7EF1E52@mac.com> <ECDF6933-47F6-4D67-AC5C-5E149590D971@identry.com> <1234498626.13067.96.camel@laptop1.herveybayaustralia.com.au> <470E75B0-C7E9-4F05-A112-62DF01F1EA1D@mac.com> <1234500741.13067.111.camel@laptop1.herveybayaustralia.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 12, 2009, at 8:52 PM, Da Rock wrote: >> With reasonable organization, and appropriate use of sudo or setgid >> binaries for things like people who use SVN or CVS, there generally >> isn't reason or need for a user to be in so many groups. For the >> exceptional cases, switching to using a full ACL system rather than >> the traditional Unix permission model is probably going to be a >> better >> solution. > > Interesting. What would you suggest for full ACL? Well, it depends on what you're doing in terms of user requirements and systems (ie, are the FreeBSD boxes fileservers, clients, or both?), but the stuff which comes with FreeBSD is documented in acl(3), getfacl, setfacl, etc. Other choices might involve something like the Andrew File System / Transarc DFS stuff, or Windows Active Directory and Samba/CIFS on the FreeBSD boxes.... Regards, -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F8CE7DF3-3991-4AB1-9AEA-FB667A82F01C>