Quoting Piotr Wadas pwadas@jewish.org.pl:
I think this is the very important part here -- deprecated and discouraged. I'd argue that long term, ACI support should be removed entirely (perhaps for 2.5?). The entire concept of ACI's is broken.
Is it really so bad? I mean, I actually don't know, you're probably right if you say so, anyway I'd really regret such feature to be discontinued. I was testing it very long ago, and, despite its complexity and its experimental flavour, the concept itself was very exciting.
I've been using it successfully for years on my production machines. Granted, it's a mess to work. But so is everything if you don't have the right tools...
I was hoping someday this will be implemented in a tested/documented and stable version.
So did I.
Imagine that someone could say, that "the entire privileges and ownerships concept in Unix is broken", wouldn't that sound a little bit em. weird? :)
No, because 'everyone' has said it for years :)
That's why they invented ... whats-the-module that does ACL in filesystems... Haven't compiled a kernel in quite a while, but there IS an option (and has been for quite a number of years) that gives MORE (MUCH more) control to the administrator.
And in AFS (which I use extensively), there's ACL's as well...
UNIX access control is _horribly_ broken. BUT, and I would like to plead with the OL developers. Don't remove something like OpenLDAPaci without having a replacement! Even though it might be bad, it's the only thing usable (I'm not going with the ACL because _that_ I find broken! :).
Static access control!? You got to be kidding...
what could do the work better than such (actually simple in its basics) concept?
Basically anything for someone with a dynamic environment... But let's not go there...