Re: 2.4.8 Resource leaks + limits

Anton Altaparmakov (aia21@cam.ac.uk)
Wed, 15 Aug 2001 21:57:19 +0100

At 21:15 15/08/2001, Alan Cox wrote:
> > Not really. Large installations use ACLs instead of groups.
>
>Umm you can't use ACL's for resource management. You have to be able to
>charge an entity. Its not a permission to access, its a "who is paying" and
>that requires a real entity to charge to

While we are on this topic, wouldn't it make sense to introduce unique
identifiers, which can be associated with users, groups, or any other
kernel object for that matter, then this is the entity you charge. The
kernel can then map the id to the user or group (or whatever object).

When ACLs are introduced they would grant/deny permissions and in general
operate only on unique identifiers.

This would have the benefit that the identifiers can be made sufficiently
unique to work on a whole network (or even larger scales), which would make
user management much easier for large corporations, much akin to what
Netware and Windows servers do in fact...

Just my 2p.

Anton

-- 
   "Nothing succeeds like success." - Alexandre Dumas

-- 
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Linux NTFS Maintainer / WWW: http://linux-ntfs.sf.net/
ICQ: 8561279 / WWW: http://www-stu.christs.cam.ac.uk/~aia21/


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/