[mdlug] Fw: am I for real - ACLs difficult to administer

Dean Durant mdlug at sbcglobal.net
Mon Oct 13 04:16:06 EDT 2008


Well.   Am I for real.   Well, I like to think so.    I might not be
the most technical person on this list.   I might very well be the
least technical person.  So, sorry about that.  I do use linux (only)
at home.  I do support some linux CAE workstations at work.   And we
have a new linux cluster where I work.   



This was the situation:   HR is 2 people, who needed r/w access to a
bunch of files.   A boss, and a worker.  This was non-negotiable.   The
"executive" group of 14 people needed read-only access to the files.  
And "Everyone else" had to be "no access".    The server was
Solaris.    But the actual server was a "network appliance" running
some kind of stripped down unix/linux/bsd kernel and doing nothing but
file serving.  It was exported out via the Solaris box.     



Is this extremely rare?   OK, if you say so.     



Another scenario that came up:    Designers needed r/w access to CAD
files.   Engineers needed read-only.    All the sales and marketing
people they wanted to keep out under all circumstances.    



In both cases, so far as I could tell, ugo was not good enough.   
Solaris supported acls, but the netapp didn't.    Plus everything went
out to the windows users via samba.   Ultimately, it was the version of
nfs, I learned, being used on the netapp, that didn't support ACLs.   



The old IT manager was a unix guy.     The new boss will use whatever
he thinks will get the job done.     NTFS permissions seem more
straightforward to him.    Plus, there are 3 young point-and-click admin
guys who think windows is the shizzle.   In this case, because we could
not get the unix acls to work, the conclusion people reached was, "It
can't be done with nfs, therefore, ntfs is superior."    The netapp
supports ntfs permissions, nfs, and "mixed".   But they don't seem to
support unix acls as a "native" filesystem.



This has gone on for months.   But unix and linux have mostly been
losing.  It's still mostly a cad shop.   And Catia doesn't run on
linux, and neither does the GM toolkit for checking cad parts.  
Designers are a non-computer literate lot, and they hate unix.    So do
design managers.    So these questions murk about in my head for a long
time.   I try to think of a good way to express them, but sometimes I
fall short.   Sorry.   But thanks for your reply, it was instructive.   
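
The HR requirement described in the message above, as an added example that is not part of the original post: a small model of the POSIX.1e draft ACL access check (the algorithm documented in acl(5) on Linux), comparing plain owner/group/other bits with the same file plus one named-group entry. The user names, group names and memberships are constructed for illustration.

```python
# Constructed model of the POSIX.1e draft ACL access check (see acl(5) on Linux).
# Users, groups and memberships are hypothetical stand-ins for the post's scenario.
R, W = 4, 2

GROUPS = {  # constructed membership: user -> set of groups
    "hrboss": {"hr"}, "hrworker": {"hr"},
    "vp1": {"exec"}, "salesguy": {"sales"},
}

def allowed(acl, user, want):
    """Return True if `user` is granted every permission bit in `want`."""
    mask = acl.get("mask", R | W | 1)
    if user == acl["owner"]:
        return acl["user_obj"] & want == want          # owner entry is never masked
    if user in acl.get("users", {}):
        return acl["users"][user] & mask & want == want
    # Group class: the owning group plus any named group entries, all masked.
    entries = {acl["group"]: acl["group_obj"], **acl.get("groups", {})}
    matched = [perm & mask for g, perm in entries.items() if g in GROUPS[user]]
    if matched:
        # Granted if any single matching entry contains the whole request;
        # a group match that fails does NOT fall through to "other".
        return any(p & want == want for p in matched)
    return acl["other"] & want == want

# Plain ugo: mode 0660, owner hrboss, group hr. There is only one group slot.
UGO = {"owner": "hrboss", "user_obj": R | W,
       "group": "hr", "group_obj": R | W, "other": 0}

# Same file with one extra entry, as a `group:exec:r--` ACL entry would add.
WITH_ACL = {**UGO, "groups": {"exec": R}, "mask": R | W}

def report(acl):
    """Map each constructed user to 'rw', 'r' or '-' under the given ACL."""
    return {u: "rw" if allowed(acl, u, R | W) else "r" if allowed(acl, u, R) else "-"
            for u in GROUPS}

if __name__ == "__main__":
    print("ugo:", report(UGO))        # executives locked out
    print("acl:", report(WITH_ACL))   # executives read-only, sales still out
```

With only the mode bits, the executives can be given read access solely through "other", which would also admit everyone else.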



