Date: Fri, 13 Feb 2009 08:21:44 -0500 From: John Almberg <jalmberg@identry.com> To: freebsd-questions@freebsd.org Subject: Re: Old user can't log in Message-ID: <9B40B0B0-FC12-4BBB-BC7D-5BE17BF226FC@identry.com> In-Reply-To: <1234506087.13067.123.camel@laptop1.herveybayaustralia.com.au> References: <325E4EC8-BD2B-45C1-978C-4922D16D3A94@identry.com> <9391FD2D-59ED-455A-8C87-2854C7EF1E52@mac.com> <ECDF6933-47F6-4D67-AC5C-5E149590D971@identry.com> <1234498626.13067.96.camel@laptop1.herveybayaustralia.com.au> <470E75B0-C7E9-4F05-A112-62DF01F1EA1D@mac.com> <1234500741.13067.111.camel@laptop1.herveybayaustralia.com.au> <F8CE7DF3-3991-4AB1-9AEA-FB667A82F01C@mac.com> <1234506087.13067.123.camel@laptop1.herveybayaustralia.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Feb 13, 2009, at 1:21 AM, Da Rock wrote: > On Thu, 2009-02-12 at 21:52 -0800, Chuck Swiger wrote: >> On Feb 12, 2009, at 8:52 PM, Da Rock wrote: >>>> With reasonable organization, and appropriate use of sudo or setgid >>>> binaries for things like people who use SVN or CVS, there generally >>>> isn't reason or need for a user to be in so many groups. For the >>>> exceptional cases, switching to using a full ACL system rather than >>>> the traditional Unix permission model is probably going to be a >>>> better >>>> solution. >>> >>> Interesting. What would you suggest for full ACL? >> >> Well, it depends on what you're doing in terms of user requirements >> and systems (ie, are the FreeBSD boxes fileservers, clients, or >> both?), but the stuff which comes with FreeBSD is documented in >> acl(3), getfacl, setfacl, etc. Other choices might involve something >> like the Andrew File System / Transarc DFS stuff, or Windows Active >> Directory and Samba/CIFS on the FreeBSD boxes.... >> >> Regards, > > So you're talking in terms of the FS only? I thought you said the > kernel > wasn't capable? I'll have to look into this a more thoroughly, I'm > intrigued to say the least. Not to say I'll ever probably use it, > but it > does present a limitation. I only ran up against the problem because I added this user to a bunch of other user's groups, so that she could edit those user's files. Easily refactored into something more sensible. -- John
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?9B40B0B0-FC12-4BBB-BC7D-5BE17BF226FC>