| Stephen Gran on Fri, 8 Nov 2002 10:50:15 -0500 |
|
On Fri, Nov 08, 2002 at 10:32:23AM -0500, epike@isinet.com said:
> Thank you for the info. I read about it last nite and ACL looks the
> perfect thing for me!
>
> HOWEVER I tested it on RedHat 8.0 and it doesnt work ("feature not
> implemented???")! I dont want to patch the kernel either--i would
> like to be in a position to quickly reinstall an OS when things go
> wrong.
>
> Any other good Disto that implements ACL out of the box?
Debian: steve:~$ apt-cache search acl
acl - Access control list utilities
<snip>
kernel-patch-2.4-grsecurity - grsecurity kernel patch - OpenWall based 2.4.x security patch
kernel-patch-acl - Extended attributes, and ACL kernel-patches for ext2/ext3
libacl1 - Access control list shared library
<snip some more>
Debian allows you to treat your kernel as a package, so installing,
removing, patching, can all be done as easily as managing other
packages. It's not 'out of the box' in the sense that it's by default,
but it's close enough, in that you can deal with kernel patches very
easily, and back out of them just as easily.
> I'm also tempted to remount the direcotry using SAMBA just so i can
> remap uids and gids...is that foolish or what? I researched on NFS
> and it doesnt do uid/gid remapping (just the user "nobody" by the
> root_squash feature)... When I go 2 boxes later anyway I might do
> things out of the network (1 box login/ftp/mail, with the other box
> serving web, shared network disk).
>
> jondz
SAMBA (and mount) do allow you to map UID's and GID's, but only because
FAT filesystems don't have that concept. NFS won't do it ordinarily,
because the filesystem already contains UID's and GID's. This can make
it a pain to maintain UID's across a number of boxes, unless you use
NIS.
--
Stephen Gran
steve@lobefin.net
http://www.lobefin.net/~steve
Attachment:
pgplFHXQULmkd.pgp
|
|