Path: utzoo!attcan!uunet!lll-winken!ames!mailrus!cornell!uw-beaver!tikal!sigma!sea375!dave
From: dave@sea375.UUCP (David A. Wilson)
Newsgroups: comp.os.misc
Subject: Re: Unix bigotry
Message-ID: <229@sea375.UUCP>
Date: 13 Jan 89 03:09:52 GMT
References: <1135@raspail.UUCP>
Organization: At Home in Seattle, WA
Lines: 32

From article <1135@raspail.UUCP>, by bga@raspail.UUCP (Bruce Albrecht):
> 
> Actually, Unix's file security is quite crude.  Because it doesn't have access
> control lists for files, the only way to permit a file to specific users is
> to create new groups (if one is allowed) that include only those users.
Access control list are nice for some cases, but I have found them to be
easily abused. For example, some systems allow wildcard specifications of
usernames. I found a system in which many ACLs contained usernames like
'W*', 'WI*', 'TEST*', etc. It turned out that the system manager was too
lazy to type in the 10 users with names starting in 'W' who were allowed
to access certain files. Guess what happens when 1 year later a user is
added to the system with a username that start with 'W'!
Now you have to find and correct all the ACLs on the system.
I think group ownership and group membership are far more managable than ACLs.
Of course if you use group designators in ACLs things are much easier,
but then the difference between ACLs and unix
style permissions are much less distinct. Multiple-group membership ala
4.[23] BSD Unix is very powerful, but, unfortunately, the old one-user-one-group
scheme of non-BSD Unix derivatives makes ACLs look more neccessary. :-(

I still have not seen any convincing argument for ACLs being more secure
than Unix permission bits.  It's all in how you use them, and in how well
the system software enforces access rights.

> Last > time I checked, it didn't have guardian procedures, either.
What's are guardian procedures?


------------------------
-- 
	David A. Wilson
	uw-beaver!tikal!slab!sea375!dave