[gobolinux-devel] /etc/group
Carlo Calica
carlo at calica.com
Fri Apr 27 06:04:36 UTC 2007
On 4/26/07, Ricardo Nabinger Sanchez <rnsanchez at wait4.org> wrote:
> On Wed, 25 Apr 2007 20:02:11 -0700
>
> But adding groups per-user is almost what you get by using ACLs.
>
True.
>
> Like you, I tend to think about large system, often much larger than
> practically acceptable, and also very heterogeneous (very means not only
> Gobo, and even not only Linux).
>
> Even so, I still don't see a point to have per-user groups, instead of
> well-defined (and fine-grained) groups, like cdrom, video, mount, sudo (or
> wheel), and so on. My list hardly goes over 30 groups.
>
> Isn't it possible to the 2 options co-exist? It may be harder, but I think
> it's worth it.
>
Those are orthogonal issues. per-user groups allow "friends of mine"
sharing between subsets of all users. This is NOT administrative
policy but choices that each user can make. "well-defined groups"
sets admin policy, for how sets of users can access the system.
There was a thread about the udev recipe on whether to unify
cdrom,video,audio into a single console group (sorry, don't remember
the outcome). That and this are really the same issue. Fine grained
control vs simplicity. As a distro we need to choose a path and
follow it.
--
Carlo J. Calica
More information about the gobolinux-devel
mailing list