• palordrolap
    link
    fedilink
    241 year ago

    Technically, this is also possible by creating extra groups, but this kind of access control presumably exists because the old-school method can be a pain to administer. Choosing group names can also be an “interesting” secondary challenge.

    i.e. Dude’s not going to be best pleased if they ls -l and see the group on the file is xyzgroup-but-not-dude even if it is with good reason. (Shouldn’t have deleted the database, dude.)

    • @[email protected]
      link
      fedilink
      151 year ago

      I don’t really think that that’s a realistic goal for ACLs. I mean, getfacl showing the user specifically being excluded probably isn’t any more-polite.