One thing that drives me crazy with file permissions on unix, compared
to windows, is how inflexible they are out of the box. On windows file
permissions are extremely flexible, and offer outstanding group
support. On linux you get 1 group, 1 owner, and everyone else. On
windows you can assign based on an unlimited number of individuals or
groups (or, at least, i have never seen a limit).
I know the same level can be achieved on linux using ACLs, but it
strikes me as a bit of a hack and doesn't work out of the box. My
solution has been to create specific groups and add/remove people from
those groups as needed. But often that leads to creating more groups
than are really needed.
If group A needs access to Files X, Y, and Z
and Person B need access to file Y but canNOT have access to X an Z
and Files X and Y are in Directory M and file Z in in Directory N
and Group A should only have access to File Z in Directory N and list
access on the rest of the files
And Group C needs access to all the files in Directory N
Its possible to do with some creative group creations, using only the
default linux file permissions. But, its not a whole lot of fun.
Everyone is always caught up in the user experience holding linux
back ... when in reality i think its more low-level than that. File
Permissions being one of those problems.