From: John Almberg
Date: Fri, 13 Feb 2009 08:21:44 -0500
To: freebsd-questions@freebsd.org
Subject: Re: Old user can't log in

On Feb 13, 2009, at 1:21 AM, Da Rock wrote:

> On Thu, 2009-02-12 at 21:52 -0800, Chuck Swiger wrote:
>> On Feb 12, 2009, at 8:52 PM, Da Rock wrote:
>>>> With reasonable organization, and appropriate use of sudo or setgid
>>>> binaries for things like people who use SVN or CVS, there generally
>>>> isn't reason or need for a user to be in so many groups. For the
>>>> exceptional cases, switching to using a full ACL system rather than
>>>> the traditional Unix permission model is probably going to be a
>>>> better solution.
>>>
>>> Interesting. What would you suggest for full ACL?
>>
>> Well, it depends on what you're doing in terms of user requirements
>> and systems (i.e., are the FreeBSD boxes fileservers, clients, or
>> both?), but the stuff which comes with FreeBSD is documented in
>> acl(3), getfacl, setfacl, etc. Other choices might involve something
>> like the Andrew File System / Transarc DFS stuff, or Windows Active
>> Directory and Samba/CIFS on the FreeBSD boxes....
>>
>> Regards,
>
> So you're talking in terms of the FS only? I thought you said the kernel
> wasn't capable? I'll have to look into this more thoroughly, I'm
> intrigued to say the least. Not to say I'll ever probably use it, but it
> does present a limitation.

I only ran up against the problem because I added this user to a bunch of other users' groups, so that she could edit those users' files. Easily refactored into something more sensible.

-- John