[cap-talk] More Heresey: ACLs not inherently bad
James A. Donald
jamesd at echeque.com
Thu Sep 11 18:58:22 CDT 2008
Karp, Alan H wrote:
> I contend the installation endowment is the only time
> you need to grant O(20+) rights. Per execution is
> always(?) O(1).
And the installation endowment should be one of a small
set of named installation endowments, each of O(100)
rights - one for things like editors, one for things
like music players, and so on and so forth.
Most of these named installation endowments were created
by the people who prepared the operating system before
it was installed, and very rarely does an end user add a
new named group of endowments to this set
Normal end users will never and should never go through
a large set of rights creating an installation
endowment.
More information about the cap-talk
mailing list