Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!columbia!rutgers!sri-spam!mordor!lll-lcc!lll-tis!ptsfa!ihnp4!cbosgd!hal!ncoast!rterrell
From: rterrell@ncoast.UUCP (Roger Terrell)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <3262@ncoast.UUCP>
Date: Mon, 20-Jul-87 17:33:55 EDT
Article-I.D.: ncoast.3262
Posted: Mon Jul 20 17:33:55 1987
Date-Received: Wed, 22-Jul-87 06:28:18 EDT
References: <1334@ssc-vax.UUCP>
Reply-To: rterrell@ncoast.UUCP (Roger Terrell)
Organization: Cleveland Public Access UN*X, Cleveland, Oh
Lines: 19
Keywords: security

In article <1334@ssc-vax.UUCP> herber@ssc-vax.UUCP (David A Wilson) writes:
>	The issue I would like to discuss is why are access-lists considered
>more secure than unix-style owner/group/other permission (as the specification
>seems to apply)? Are there any studies that show this? I can see no reason
>that unix permissions cannot provide an equivalent level of data access
>protection to access-lists. With multiple group membership, such as provided
>in BSD Unix, file access can be controlled to any level desired.

Access-lists *in addition* to owner/group/other permissions are more secure
because they provide a convenient way to grant a specific user(s) access
to a file (or deny access).  This is good if I am in one group and want 
someone in another group--and ONLY that one person--to be able to access
a file.  I don't have to open it to everyone on the system.  It is true
that you could probably fudge most situations where access-lists are
useful by using regular permissions, but the convenience factor counts too.

Roger Terrell
UUCP: ...cbosgd!musky2!terrell
CSNet: ccterrell%muskingum.edu@relay.cs.net
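
The single-user grant and deny cases discussed in this article, worked through as an added example that is not part of the original post. It is a simplified model: the users, groups and files are constructed, and the evaluation order (owner, then per-user entry, then group, then other) is an assumption of the model, not a description of any particular system.

```python
# Simplified model (constructed for illustration): classic mode bits vs. an
# added per-user access list. Users, groups and files are made-up samples.
from dataclasses import dataclass, field

GROUPS = {  # constructed sample membership: user -> set of groups
    "roger": {"staff"},
    "dana": {"research"},
    "eve": {"research"},
    "mallory": {"guests"},
}

@dataclass
class File:
    owner: str
    group: str
    mode: dict                      # {"owner": "rw", "group": "r", "other": ""}
    acl: dict = field(default_factory=dict)  # user -> perms; "" means deny

def allowed(user: str, f: File, want: str) -> bool:
    """Most specific entry wins: owner, per-user ACL, group, then other."""
    if user == f.owner:
        perms = f.mode["owner"]
    elif user in f.acl:
        perms = f.acl[user]
    elif f.group in GROUPS.get(user, set()):
        perms = f.mode["group"]
    else:
        perms = f.mode["other"]
    return want in perms

def readers(f: File) -> set:
    """Everyone in the sample user table who can read f."""
    return {u for u in GROUPS if allowed(u, f, "r")}

# Goal from the post: roger (staff) lets dana (research), and only dana, read.
private = {"owner": "rw", "group": "", "other": ""}
via_other = File("roger", "staff", {**private, "other": "r"})     # opens to all
via_group = File("roger", "research", {**private, "group": "r"})  # dana's whole group
via_acl = File("roger", "staff", private, acl={"dana": "r"})      # dana only
# Deny case: readable by group research, but eve is excluded by name.
deny_one = File("roger", "research", {**private, "group": "r"}, acl={"eve": ""})

if __name__ == "__main__":
    for name, f in [("other", via_other), ("group", via_group),
                    ("acl", via_acl), ("deny", deny_one)]:
        print(f"{name:6} readers: {sorted(readers(f))}")
```

With mode bits alone, matching the ACL result would need a new group containing just roger and dana, which is the "fudge" the article refers to.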