I strongly disagree with that last sentence. There are a number of things
that ACLs let you do, that standard UNIX security does not. I would even
argue that ACLs can lead to better security, as they allow you to specify
combinations which would be difficult or impossible with traditional UNIX
mechanisms. Like most anything, it depends on the application.

I agree that, like any powerful tool, ACLs can be easily misused. But that
theory applies to UNIX in general. :-) I have implemented Linux in
situations as small as a six-person company, and even then, ACLs were
something I missed. I would be happy to provide examples if you like.

As far as existing tools and auditing techniques go, yes, ACLs are outside
their domain. However, I believe categorically dismissing all possible
improvements is an error. Otherwise, this mailing list would not exist. :)

-- Benjamin Scott dragonhawk@iname.com