Subject: Re: Support for ACLs
To: None <tech-kern@netbsd.org>
From: Lucio De Re <lucio@proxima.alt.za>
List: tech-kern
Date: 03/13/2001 16:41:01
On Tue, Mar 13, 2001 at 03:34:06PM +0100, Olaf Seibert wrote:
>
> In v7, one user could be in any number of groups but only one at a time.
> There was a (presumably shell-builtin) command to switch to any group
> one belonged to (setgrp, I think). BSD introduced the feature of being
> in multiple groups at once, and the setgrp command disappeared.
>
I think newgrp is still aliased to "exec newgrp" in the Korn shell. I
did look for "newgrp" a short while back, but i can't remember if I
found it or not.
> Perhaps it is useful to revive the old idea for the time being but
> setting multiple groups at once. There is a setgroups(2) system call,
> but the caller needs to be root though.
>
It's a nuisance. Like ACLs, the administration becomes a nightmare,
and only a clear representation (compare "ls -l" with WinNT's ACL
administration and their "properties/Security" display) will make a
different scheme acceptable. It just seems to have too many dimensions.
++L