Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!wuarchive!gem.mps.ohio-state.edu!ginosko!aplcen!haven!adm!smoke!gwyn From: gwyn@smoke.BRL.MIL (Doug Gwyn) Newsgroups: comp.unix.wizards Subject: Re: File daemons (was: How do I detect who and when A file gets accessed ?) Message-ID: <11154@smoke.BRL.MIL> Date: 26 Sep 89 17:05:55 GMT References:<14609@bloom-beacon.MIT.EDU> <16687@watdragon.waterloo.edu> Reply-To: gwyn@brl.arpa (Doug Gwyn) Organization: Ballistic Research Lab (BRL), APG, MD. Lines: 12 In article <16687@watdragon.waterloo.edu> jmsellens@watdragon.waterloo.edu (John M. Sellens) writes: -It occured to me a while ago that you can get most of the benefits -of ACL's with group memberships. Write a program or two to create -new groups when needed, make sure that a user can be in some reasonable -number of groups, and you get most of what people are interested -in with existing mechanisms. Note that you can have an exclusion -mechanism by sticking the excludee's userids in a group, making the -file that group, and denying permissions to that group. This doesn't work, because the group-ID space isn't big enough for every combination of access rights to have its own group (unless, that is, your site has only a handful of users).