[Esd-l] macro scanner: defang instead of refuse

Floyd Pierce floydp at boxusa.com
Wed Jun 5 11:36:01 PDT 2002


At 10:50 AM 6/5/2002 -0700, Kenneth Porter wrote:
>On Wed, 2002-06-05 at 04:53, Floyd Pierce wrote:
> > Your lack of knowledge regarding Unix permissions must be legendary.
>
>Instead of getting into a DSW, can we keep this list informative? I
>already know how Unix permissions work. I need to know if it's possible
>to teach a non-technical NT/2k/XP workstation user how to use local
>ACL's to share files selectively. Let's not drive the Windows experts
>away.

First, this is not the Winblows file sharing list.

Second, unless you have some structure, that is some defined groups or
   the willingness to ignore security of the files in question, you won't
   be able to accomplish this without insane demands on the system admins.

>I am inclined to agree that NTFS ACL's provide more fine-grained access
>control. (I understand that there's a move afoot to add ACL's to Linux
>filesystems.) However, I don't really understand how the system works
>when one factors in multiple NT/2k domains and local workstation logins.

The only ways that NTFS is more fine grained than any unix filesystem is
in ways that become impossible to administer. If I create a file that I
wish to have shared to 7 unrelated people (that is, they aren't in any
defined group), then another file that should be available to some
other random batch of people, and so on, I quickly reach the point
where I cannot reasonably deal with sharing at the administrative level.

It would be better to encrypt the file, post it to a public area, then
pass the keys to those that should have access.



--
Floyd Pierce              | Director of Information Technology
Phone  847-790-2830 (IL)  | Box USA
Phone  817-783-2355 (TX)  | floydp at boxusa.com
Fax    847-790-2880       | floyd at floydbob.com



More information about the esd-l mailing list