Path: utzoo!utgpu!attcan!uunet!lll-winken!lll-ncis!helios.ee.lbl.gov!nosc!peanuts.nosc.mil!dennis
From: dennis@peanuts.nosc.mil (Dennis Cottel)
Newsgroups: comp.sys.apollo
Subject: Re: ACLs
Message-ID: <856@nosc.NOSC.MIL>
Date: 6 Jan 89 22:41:32 GMT
References: <40b47aa32.000bf2e@caen.engin.umich.edu>
Sender: nobody@nosc.NOSC.MIL
Reply-To: dennis@peanuts.nosc.mil (Dennis Cottel)
Organization: Naval Ocean Systems Center, San Diego
Lines: 17

But ACLs can't do groups nicely either.  Suppose you want a group of
people to have read/write access to a project directory.  So before
you start you set the ACLs at the root of the directory to explicitly
allow access for all those users in the group.  But if a new person
comes along later, you have to add to the ACLs for every file in the
tree.  And automating this is not easy because you can't just "edacl
-a newuser -user tree/... -all" because permissions will vary on files
within the tree: some are executable, RCS files are read only, etc.

Of course, you could simply set the ACLs to use %.project as the
userid, but then a person has to log in differently depending on what
s/he wants to do.  Ugh.

Too bad ACLs don't contain a group concept as well.

	Dennis Cottel  Naval Ocean Systems Center, San Diego, CA  92152
	(619) 553-1645      dennis@nosc.MIL      sdcsvax!noscvax!dennis