DENY ACLs
Ken Cross
kcross at ntown.com
Mon Aug 20 18:59:15 GMT 2001
While I agree that it may be a less-than-optimal set of group definitions,
we're stuck with legacy organizations (WinNT & Win2K) that have exactly
that. It's not uncommon, either.
There's no question I'll need it -- I just wanted to make sure it hadn't
been done and that I'm not missing something important.
Thanks again for the feedback.
Ken
>
> You're correct. All groups are treated equally, and this case
> would result in those belonging to both groups getting access.
> The POSIX group's response would be that you should not have
> given GroupA access, as that group does not accurately describe
> the set of people you want to have access. Instead you should
> either have a GroupC, made of GroupA-but-not-GroupB, or
> list the individuals.
>
> You can provide the access you want, although it may take
> some work to specify it correctly.
>
To Unsubscribe: send mail to majordomo at cyrus.watson.org
with "unsubscribe posix1e" in the body of the message
More information about the posix1e
mailing list