• palordrolap@kbin.social
    link
    fedilink
    arrow-up
    26
    ·
    1 year ago

    Technically, this is also possible by creating extra groups, but this kind of access control presumably exists because the old-school method can be a pain to administer. Choosing group names can also be an “interesting” secondary challenge.

    i.e. Dude’s not going to be best pleased if they ls -l and see the group on the file is xyzgroup-but-not-dude even if it is with good reason. (Shouldn’t have deleted the database, dude.)

    • tal
      link
      fedilink
      arrow-up
      17
      ·
      1 year ago

      I don’t really think that that’s a realistic goal for ACLs. I mean, getfacl showing the user specifically being excluded probably isn’t any more-polite.

    • Papamousse@beehaw.org
      link
      fedilink
      arrow-up
      13
      ·
      1 year ago

      In a previous life (in the 90s) I was a un*x sysadmin, and ACL is nightmarish in big company, I hated it and avoided it