Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!husc6!sri-unix!sri-spam!ames!ucbcad!zen!ucbvax!jade!eris!mwm
From: mwm@eris.BERKELEY.EDU (Mike (My watch has windows) Meyer)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <4371@jade.BERKELEY.EDU>
Date: Thu, 16-Jul-87 15:52:27 EDT
Article-I.D.: jade.4371
Posted: Thu Jul 16 15:52:27 1987
Date-Received: Tue, 21-Jul-87 04:11:38 EDT
References: <1334@ssc-vax.UUCP> <1144@bloom-beacon.MIT.EDU>
Sender: usenet@jade.BERKELEY.EDU
Reply-To: mwm@eris.BERKELEY.EDU (Mike (My watch has windows) Meyer)
Organization: Missionaria Phonibalonica
Lines: 61
Keywords: security

In article <1144@bloom-beacon.MIT.EDU> langz@athena.mit.edu (Lang Zerner) writes:
 herber@ssc-vax.UUCP (David A Wilson) writes:
<>	The issue I would like to discuss is why are access-lists considered
<>more secure than unix-style owner/group/other permission (as the specification
<>seems to apply)?
<
:joeschmoe

This is a joke, right? There are two problems right off the bat.

One - you've just limited yourself to 64K files on most systems - and
that's using negative group ids, at that. Two - the maximum number of
groups any user can be in is *very* small. Say, 32 maximum. For SysV
people, it's 1.

Any system small enough to live with the 64K files restriction is
probably running SysV (IBM PC based). This means that if you need to
compare two files, neither of which you own, but both of which you
have access to, you've got to create a copy of one, chgrp to the
other, then compare them.

Likewise, having to find a superuser to give someone else permission
to read the file is going to make your superusers very busy - and very
unhappy - on anything but a small system.