[Cryptography] Do capabilities work? Do ACLs work?

Dave Horsfall dave at horsfall.org
Thu Feb 12 03:08:14 EST 2015


On Wed, 11 Feb 2015, Peter Gutmann wrote:

> Having said that, ACLs are better-suited to expressing most of what 
> users want then capabilities.  The reason why both Unix and Windows use 
> groups and permissions the way they do isn't because of a grand 
> anti-capability conspiracy, it's because that's the most 
> practical/real-world-applicable way to do it.

I never cease to be astonished that groups are not used more often; one of 
my favourite sayings was that if you think you need set-uid, you can 
almost certainly use set-gid instead.

-- 
Dave Horsfall DTM (VK2KFU)  "Bliss is a MacBook with a FreeBSD server."
http://www.horsfall.org/spam.html (and check the home page whilst you're there)


More information about the cryptography mailing list