I understand it all less after reading that. I need more coffee.
The only thing you need to know about file ACLs is not to use them. A similar thing can be said for Network ACLs, to be honest.
Technically, this is also possible by creating extra groups, but this kind of access control presumably exists because the old-school method can be a pain to administer. Choosing group names can also be an “interesting” secondary challenge.
i.e. Dude’s not going to be best pleased if they `ls -l` and see the group on the file is `xyzgroup-but-not-dude` even if it is with good reason. (Shouldn’t have deleted the database, dude.)
I have no idea what is going on but this looks good. I agree with you guys. Upvoted.