Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!ginosko!aplcen!haven!adm!smoke!gwyn
From: gwyn@smoke.BRL.MIL (Doug Gwyn)
Newsgroups: comp.unix.wizards
Subject: Re: File daemons (was: How do I detect who and when A file gets accessed ?)
Message-ID: <11154@smoke.BRL.MIL>
Date: 26 Sep 89 17:05:55 GMT
References:  <14609@bloom-beacon.MIT.EDU> <16687@watdragon.waterloo.edu>
Reply-To: gwyn@brl.arpa (Doug Gwyn)
Organization: Ballistic Research Lab (BRL), APG, MD.
Lines: 12

In article <16687@watdragon.waterloo.edu> jmsellens@watdragon.waterloo.edu (John M. Sellens) writes:
-It occured to me a while ago that you can get most of the benefits
-of ACL's with group memberships.  Write a program or two to create
-new groups when needed, make sure that a user can be in some reasonable
-number of groups, and you get most of what people are interested
-in with existing mechanisms.  Note that you can have an exclusion
-mechanism by sticking the excludee's userids in a group, making the
-file that group, and denying permissions to that group.

This doesn't work, because the group-ID space isn't big enough for
every combination of access rights to have its own group (unless,
that is, your site has only a handful of users).