> Seems to me that user-manageable groups would not eliminate the need for ACLs,
> but that it does complement them, allowing additional flexibility and ease of
> use. ACL=access control list, right?
In theory user-manageable groups can provide the complete equivalent for
ACLs, however there will be as many groups as different sets of
users/permissions in ACL, so even though in real situations reasonably low
number of them will be kept, there can be situations where ACLs will
require less resources than a set of groups. Currently there is a rather
low limit for the total number of groups, user can be in, and it may be
possible to change that to support ACL-like things in "classic" user/group
model.
> Another question: what reads /etc/group? Is it the kernel or something else?
getgrent(3),setgrent(3),endgrent(3),getgrnam(3),getgrgid(3), and most
important, initgroups(3). As you can see, all of them are library
routines.
Supporting ACL or changing the maximum number of groups in
simultaneously used set (and dealing with performance issues, associated
with both) is related to kernel, however userspace utilities to manage
ACLs or large groups sets are not.
-- Alex
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/faq.html