File daemons (was: How do I detect who and when A file gets accessed ?)

John M. Sellens jmsellens at watdragon.waterloo.edu
Tue Sep 26 16:11:27 AEST 1989


In article <14609 at bloom-beacon.MIT.EDU> scs at adam.pika.mit.edu (Steve Summit) writes:
>Note that ACL's could be easily implemented under a "file daemon"
>scheme (this is one indication of its superior generality): you
>could write an ACL-checking daemon once, and attach it to any
>file, storing the ACL itself in the per-file "out of band" data.

It occurred to me a while ago that you can get most of the benefits
of ACL's with group memberships.  Write a program or two to create
new groups when needed, make sure that a user can be in some reasonable
number of groups, and you get most of what people are interested
in with existing mechanisms.  Note that you can have an exclusion
mechanism by sticking the excludee's userids in a group, making the
file that group, and denying permissions to that group.
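
The exclusion trick in the post relies on the order of the classic Unix permission check: once a process matches the file's group, only the group bits are consulted. The C sketch below is an added example, not part of the original post; the uids, gids, mode 0604 and the name unix_access are constructed for illustration, and the superuser rule is simplified.

```c
#include <stdio.h>
#include <sys/types.h>

enum { WANT_R = 4, WANT_W = 2, WANT_X = 1 };   /* one rwx triplet */

struct cred { uid_t uid; const gid_t *groups; int ngroups; };
struct file_meta { uid_t owner; gid_t group; unsigned mode; };

static int in_group(const struct cred *c, gid_t g)
{
    for (int i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return 1;
    return 0;
}

/* Exactly one class (owner, group, other) is selected and only its bits
 * are consulted; a group member never falls through to "other". */
int unix_access(const struct cred *c, const struct file_meta *f, int want)
{
    unsigned bits;
    if (c->uid == 0)
        return 1;   /* simplified superuser bypass (assumption) */
    if (c->uid == f->owner)
        bits = (f->mode >> 6) & 7;
    else if (in_group(c, f->group))
        bits = (f->mode >> 3) & 7;
    else
        bits = f->mode & 7;
    return (bits & (unsigned)want) == (unsigned)want;
}

/* Constructed sample data: gid 500 is the exclusion group, mode 0604. */
static const gid_t excl_groups[] = { 50, 500 };
static const gid_t plain_groups[] = { 50 };
static const struct cred excluded = { 201, excl_groups, 2 };
static const struct cred ordinary = { 202, plain_groups, 1 };
static const struct cred owner    = { 100, excl_groups, 2 };
static const struct file_meta report = { 100, 500, 0604 };

int main(void)
{
    printf("excluded user reads: %d\n", unix_access(&excluded, &report, WANT_R));
    printf("ordinary user reads: %d\n", unix_access(&ordinary, &report, WANT_R));
    printf("owner in group reads: %d\n", unix_access(&owner, &report, WANT_R));
    return 0;
}
```

The owner class is matched first, so putting the file's owner in the exclusion group does not deny the owner anything.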


