Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!columbia!rutgers!sri-spam!mordor!lll-lcc!lll-tis!ptsfa!ihnp4!cbosgd!hal!ncoast!rterrell
From: rterrell@ncoast.UUCP (Roger Terrell)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <3262@ncoast.UUCP>
Date: Mon, 20-Jul-87 17:33:55 EDT
Article-I.D.: ncoast.3262
Posted: Mon Jul 20 17:33:55 1987
Date-Received: Wed, 22-Jul-87 06:28:18 EDT
References: <1334@ssc-vax.UUCP>
Reply-To: rterrell@ncoast.UUCP (Roger Terrell)
Organization: Cleveland Public Access UN*X, Cleveland, Oh
Lines: 19
Keywords: security

In article <1334@ssc-vax.UUCP> herber@ssc-vax.UUCP (David A Wilson) writes:
> The issue I would like to discuss is why are access-lists considered
>more secure than unix-style owner/group/other permission (as the specification
>seems to apply)? Are there any studies that show this? I can see no reason
>that unix permissions cannot provide equivalent level of data access
>protection to access-lists. With multiple group membership, such as provided
>in BSD Unix, file access can be controlled to any level desired.

Access-lists *in addition* to owner/group/other permissions are more secure
because they provide a convenient way to grant a specific user(s) access
to a file (or deny access). This is good if I am in one group and want
someone in another group--and ONLY that one person--to be able to access
a file. I don't have to open it to everyone on the system.

It is true that you could probably fudge most situations where access-lists
are useful by using regular permissions, but the convenience factor counts
too.

Roger Terrell
UUCP: ...cbosgd!musky2!terrell
CSNet: ccterrell%muskingum.edu@relay.cs.net
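
The case described in the reply above, as an added example that is not part of the original post: a simplified Python model of an access check with owner/group/other bits plus per-user access-list entries. The account names, the group `rd`, and the evaluation order (owner, then per-user entry, then group, then other) are assumptions made for illustration.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1

@dataclass
class File:
    owner: str
    group: str
    mode: int                                       # owner/group/other bits, e.g. 0o640
    acl_users: dict = field(default_factory=dict)   # user -> bits; 0 means deny

def allowed(f, user, groups, want):
    """True if `user`, a member of `groups`, gets all `want` bits on `f`."""
    if user == f.owner:
        bits = (f.mode >> 6) & 7
    elif user in f.acl_users:        # per-user entry overrides group/other (assumed order)
        bits = f.acl_users[user]
    elif f.group in groups:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return (bits & want) == want

# Constructed accounts: user -> set of groups (multiple membership allowed).
USERS = {
    "roger": {"staff"},
    "sam":   {"staff"},
    "dave":  {"eng"},
    "eve":   {"eng"},
}

def readers(f, users=USERS):
    """Set of users who can read `f`."""
    return {u for u, g in users.items() if allowed(f, u, g, R)}

# 1. Mode bits only: reaching dave means opening the file to "other".
world = File("roger", "staff", 0o644)
# 2. Mode bits plus a dedicated group "rd" (hypothetical) that dave joins:
#    the file's single group slot is used up, so staff loses access.
USERS_RD = {**USERS, "dave": {"eng", "rd"}}
fudge = File("roger", "rd", 0o640)
# 3. Access list on top of the mode bits: one entry for dave only.
acl = File("roger", "staff", 0o640, {"dave": R})
# 4. Access list used to deny: sam is in staff but is shut out.
deny = File("roger", "staff", 0o640, {"sam": 0})

if __name__ == "__main__":
    for name, f, users in [("world", world, USERS), ("fudge", fudge, USERS_RD),
                           ("acl", acl, USERS), ("deny", deny, USERS)]:
        print(name, sorted(readers(f, users)))
```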