Hacker News
by bandrami 3486 days ago
ACLs are a terribly complex mechanism that would require a lot of new code added to the kernel

ACLs also make me as an administrator have to think much harder about, well, everything. Same problem with capabilities: each new layer increases the complexity of the reasoning required combinatorially ("so, the daemon isn't running as root, but it's in the daemon group, and the file has these capabilities, and those ACLs...").