Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!seismo!husc6!sri-unix!sri-spam!ames!ucbcad!zen!ucbvax!jade!eris!mwm
From: mwm@eris.BERKELEY.EDU (Mike (My watch has windows) Meyer)
Newsgroups: comp.misc
Subject: Re: access-lists vs. unix permissions
Message-ID: <4371@jade.BERKELEY.EDU>
Date: Thu, 16-Jul-87 15:52:27 EDT
Article-I.D.: jade.4371
Posted: Thu Jul 16 15:52:27 1987
Date-Received: Tue, 21-Jul-87 04:11:38 EDT
References: <1334@ssc-vax.UUCP> <1144@bloom-beacon.MIT.EDU>
Sender: usenet@jade.BERKELEY.EDU
Reply-To: mwm@eris.BERKELEY.EDU (Mike (My watch has windows) Meyer)
Organization: Missionaria Phonibalonica
Lines: 61
Keywords: security

In article <1144@bloom-beacon.MIT.EDU> langz@athena.mit.edu (Lang Zerner) writes:
herber@ssc-vax.UUCP (David A Wilson) writes:
<>	The issue I would like to discuss is why are access-lists considered
<>more secure than unix-style owner/group/other permission (as the specification
<>seems to apply)?
< :joeschmoe

This is a joke, right? There are two problems right off the bat. One -
you've just limited yourself to 64K files on most systems - and that's
using negative group ids, at that. Two - the maximum number of groups
any user can be in is *very* small. Say, 32 maximum. For SysV people,
it's 1. Any system small enough to live with the 64K files restriction
is probably running SysV (IBM PC based).

This means that if you need to compare two files, neither of which you
own, but both of which you have access to, you've got to create a copy
of one, chgrp to the other, then compare them. Likewise, having to
find a superuser to give someone else permission to read the file is
going to make your superusers very busy - and very unhappy - on
anything but a small system.
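
An added sketch, not part of the original post, modelling the two limits the reply describes. It assumes the scheme being criticised is one dedicated group per file, a 16-bit group id space, and files with mode 0640; every name and sample value below is constructed for illustration.

```python
from dataclasses import dataclass

MAX_GIDS = 2 ** 16  # assumed 16-bit gid space: the post's "64K files" ceiling


@dataclass(frozen=True)
class File:
    name: str
    owner: int
    group: int   # one dedicated group per file stands in for its access list
    mode: int


def per_file_gid(file_index):
    """Give the n-th file its own group id; fails once the gid space is used up."""
    if not 0 <= file_index < MAX_GIDS:
        raise OverflowError("no group ids left for file %d" % file_index)
    return file_index


def can_read(uid, gids, f):
    """Owner/group/other check: the first class that matches decides."""
    if uid == f.owner:
        return bool(f.mode & 0o400)
    if f.group in gids:
        return bool(f.mode & 0o040)
    return bool(f.mode & 0o004)


def can_read_all(uid, memberships, files, ngroups_max):
    """True if one process can hold, at once, every group it needs for all files."""
    needed = {f.group for f in files if not can_read(uid, set(), f)}
    if not needed <= set(memberships) or len(needed) > ngroups_max:
        return False
    return all(can_read(uid, needed, f) for f in files)


if __name__ == "__main__":
    # Constructed sample: two files owned by other users, each with its own group.
    a = File("a.txt", owner=1, group=per_file_gid(100), mode=0o640)
    b = File("b.txt", owner=2, group=per_file_gid(101), mode=0o640)
    for limit in (32, 1):  # the post's figures: "say, 32 maximum"; SysV: 1
        print(limit, can_read_all(3, {100, 101}, [a, b], limit))
```

With a limit of 1 the user is listed in both groups yet cannot open both files from one process, which is the copy-and-chgrp workaround the post complains about.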