Path: utzoo!utgpu!watmath!watdragon!jmsellens
From: jmsellens@watdragon.waterloo.edu (John M. Sellens)
Newsgroups: comp.unix.wizards
Subject: Re: File daemons (was: How do I detect who and when A file gets accessed ?)
Message-ID: <16687@watdragon.waterloo.edu>
Date: 26 Sep 89 06:11:27 GMT
References:  <14609@bloom-beacon.MIT.EDU>
Reply-To: jmsellens@watdragon.waterloo.edu (John M. Sellens)
Distribution: na
Organization: U. of Waterloo, Ontario
Lines: 13

In article <14609@bloom-beacon.MIT.EDU> scs@adam.pika.mit.edu (Steve Summit) writes:
>Note that ACL's could be easily implemented under a "file daemon"
>scheme (this is one indication of its superior generality): you
>could write an ACL-checking daemon once, and attach it to any
>file, storing the ACL itself in the per-file "out of band" data.

It occurred to me a while ago that you can get most of the benefits
of ACL's with group memberships.  Write a program or two to create
new groups when needed, make sure that a user can be in some reasonable
number of groups, and you get most of what people are interested
in with existing mechanisms.  Note that you can have an exclusion
mechanism by sticking the excludee's userids in a group, making the
file that group, and denying permissions to that group.
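
Added example, not part of the original post: a small model of the classic Unix permission check, showing why the exclusion trick described above works (only one permission class is ever consulted, so a group class with no bits denies its members even when "other" grants read). The user names, uids, gids and the group name "noread" are constructed for illustration, and the superuser bypass is left out.

```python
import stat

# Constructed sample data: user names, uids and group membership are made up.
USERS = {"alice": 101, "bob": 102, "carol": 103, "mallory": 104}
GROUPS = {"staff": (50, {"alice", "bob", "carol", "mallory"}),
          "noread": (60, {"mallory"})}          # the exclusion group


def gids_of(user):
    """Group ids the user belongs to (multiple groups per user assumed)."""
    return {gid for gid, members in GROUPS.values() if user in members}


def may_access(mode, owner_uid, file_gid, uid, gids, want):
    """Classic Unix check: exactly one permission class is consulted.

    want is a 3-bit mask (4 = read, 2 = write, 1 = execute).
    """
    if uid == owner_uid:
        bits = (mode >> 6) & 7         # owner class
    elif file_gid in gids:
        bits = (mode >> 3) & 7         # group class, even if "other" grants more
    else:
        bits = mode & 7                # other class
    return (bits & want) == want


def readers(mode, owner, group):
    """Names of users who can read a file with this mode, owner and group."""
    return sorted(u for u, uid in USERS.items()
                  if may_access(mode, USERS[owner], GROUPS[group][0],
                                uid, gids_of(u), 4))


if __name__ == "__main__":
    # rw----r--, group noread: everyone except the group's members can read.
    print(stat.filemode(stat.S_IFREG | 0o604), readers(0o604, "alice", "noread"))
    # rw-r-----, group staff: the usual inclusion list.
    print(stat.filemode(stat.S_IFREG | 0o640), readers(0o640, "alice", "staff"))
    # Owner class is checked first, so an excluded user who owns the file
    # is not excluded.
    print(stat.filemode(stat.S_IFREG | 0o604), readers(0o604, "mallory", "noread"))
```

The last case is the one to check when using a group for exclusion: the owner class is tested before the group class, so the file must not be owned by a user it is meant to exclude.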