
No, there's no need to use `setfacl` over `chown/chmod` in the author's example.

The reason that the author uses umask 077 and ACLs is, I think, just a mindset. By using 077, the file is restricted to only the owner, and the sysadmin does not need to think about group memberships. By extending read access using an ACL, this theme is continued; additional usernames will be appended as ACLs, but no group set of usernames needs to exist.

A file named "alfred" would, presumably, only ever need to be read by root and alfred, but that's just the narrow case for the author's scheme.



