From owner-freebsd-questions  Thu Dec  6  6:21:13 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dirc.bris.ac.uk (dirc.bris.ac.uk [137.222.10.51])
	by hub.freebsd.org (Postfix) with ESMTP id 0579F37B417
	for <freebsd-questions@freebsd.org>; Thu,  6 Dec 2001 06:21:11 -0800 (PST)
Received: from mail.ilrt.bris.ac.uk by dirc.bris.ac.uk with SMTP-PRIV 
          with ESMTP; Thu, 6 Dec 2001 14:05:02 +0000
Received: from cmjg (helo=localhost) by mail.ilrt.bris.ac.uk 
          with local-esmtp (Exim 3.16 #1) id 16Bz6h-00015G-00;
          Thu, 06 Dec 2001 14:02:35 +0000
Date: Thu, 6 Dec 2001 14:02:35 +0000 (GMT)
From: Jan Grant <Jan.Grant@bristol.ac.uk>
X-X-Sender:  <cmjg@mail.ilrt.bris.ac.uk>
To: Cliff Sarginson <cliff@raggedclown.net>
Cc: FreeBSD Questions <freebsd-questions@freebsd.org>
Subject: ACLs Was: Modifying only certain bits with chmod
In-Reply-To: <20011206132237.GB9605@raggedclown.net>
Message-ID: <Pine.GSO.4.31.0112061358420.323-100000@mail.ilrt.bris.ac.uk>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Thu, 6 Dec 2001, Cliff Sarginson wrote:

> I was reading about the impending arrival of ACL's in FreeBSD 5
> yesterday...talk about confusing the children. And it seems, if I
> am correct, that it has no impact on the execution of programs, which
> is where it would be *really* useful in de-terrorising the use of
> root..but that is another topic all together.
> Or perhaps I am missing the point.

ACLs _are_ pretty useful; they're only (in the POSIX world) file-system
things, indeed - TrustedBSD has other goodies to offer too. But their
usefulness really depends on what you want to use the system for. More
flexible file-system privs for a file-server is the obvious use; it'll
be nice * when that bit of samba works out of the box.

Someone had a query recently regarding suExec and apache CGI serving
that sounded like an ideal use for extended ACLs.

jan

* ie, convenient in the extreme

-- 
jan grant, ILRT, University of Bristol. http://www.ilrt.bris.ac.uk/
Tel +44(0)117 9287088 Fax +44 (0)117 9287112 RFC822 jan.grant@bris.ac.uk
(Things I've found in my attic, #2: A hundredweight of pornography.)


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message