Path: utzoo!utgpu!watmath!watdragon!jmsellens
From: jmsellens@watdragon.waterloo.edu (John M. Sellens)
Newsgroups: comp.unix.wizards
Subject: Re: File daemons (was: How do I detect who and when A file gets accessed ?)
Message-ID: <16687@watdragon.waterloo.edu>
Date: 26 Sep 89 06:11:27 GMT
References: <14609@bloom-beacon.MIT.EDU>
Reply-To: jmsellens@watdragon.waterloo.edu (John M. Sellens)
Distribution: na
Organization: U. of Waterloo, Ontario
Lines: 13

In article <14609@bloom-beacon.MIT.EDU> scs@adam.pika.mit.edu (Steve Summit) writes:
>Note that ACL's could be easily implemented under a "file daemon"
>scheme (this is one indication of its superior generality): you
>could write an ACL-checking daemon once, and attach it to any
>file, storing the ACL itself in the per-file "out of band" data.

It occurred to me a while ago that you can get most of the benefits of
ACL's with group memberships.  Write a program or two to create new
groups when needed, make sure that a user can be in some reasonable
number of groups, and you get most of what people are interested in
with existing mechanisms.

Note that you can have an exclusion mechanism by sticking the
excludee's userids in a group, making the file that group, and
denying permissions to that group.
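
The group-based scheme described in the post, as an added example that is not part of the original post: a Python model of the classic Unix permission check (owner bits, else group bits, else other bits, with no fall-through), applied to an allow-list group and an exclusion group. All user, group and file names are constructed for illustration.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # permission bits within one rwx triple


@dataclass(frozen=True)
class File:
    owner: str
    group: str
    mode: int  # octal mode, e.g. 0o604


def allowed(user, groups, f, want):
    """Classic Unix check: exactly one rwx triple applies to a caller.

    Owner bits if the user owns the file; otherwise group bits if the
    file's group is one of the user's groups; otherwise other bits.
    A group member never falls through to the "other" bits, which is
    what makes the exclusion trick work.
    """
    if user == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in groups:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bits & want == want


# Constructed sample group database (hypothetical names).
GROUPS = {
    "proj7": {"alice", "bob"},  # allow list: the people on the "ACL"
    "nomemo": {"mallory"},      # exclusion list: the excludees
}


def groups_of(user):
    return {g for g, members in GROUPS.items() if user in members}


def check(user, f, want):
    return allowed(user, groups_of(user), f, want)


# Allow list: owner and proj7 members read/write, everyone else nothing.
design = File(owner="carol", group="proj7", mode=0o660)
# Exclusion: world-readable, but group bits are empty for nomemo members.
memo = File(owner="carol", group="nomemo", mode=0o604)
```

A file carries a single group, so in this model one file can have either an allow-list group or an exclusion group, not both.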