Scott Dier wrote:
> On Wed, 2002-08-07 at 17:37, Richard Hoffbeck wrote:
>
>> internal mail is kept for 6 months while internal mail involving someone
>> in sales is kept for 12 months. You need some way to determine if anyone
>> involved with the message is in sales.
>
> Saying this is impossible is like saying the sky is falling. The
> god-in-a-can "MS Domain model" isn't that special. I've managed
> 'complicated' situations with user/group and netgroup files. Generally,
> if you need to be so fine grained that enhanced models are important,
> it's not very hard to implement it at the application level with
> netgroups as the base. Stating that the operating system requires hooks
> to achieve this god-in-a-can effect is really not the only way to go
> about this.

First, I didn't say it was impossible. Clearly anyone can whip up an application with varying success that does exactly the same thing. I was providing an example of why some organizations might find Exchange to be more cost-effective, since the domain model already contains a large amount of information about their users and user characteristics, and those characteristics are available from a central source.

It's not that the MS security model is so good, it's that the Unix security model is so bad - actually, dated is probably a better description. There are all sorts of options for authentication, but once the user is logged in, you're back to access control based on rwx/owner-group-world and flat group memberships. It doesn't even support access control lists without patching the system. For a given situation you can create a bunch of groups and assign users to restrict access just the way you want it. The question is whether it makes any sense to administer a system this way. It's cumbersome and error prone. It also requires an administrator to make changes to the groups to effect changes in access permissions, where the MS Domain model allows users to change permissions on resources that they own.

On a stock Linux install, how do I share a file I own with Bill and Mary without going through root to create a group with two users?

At some point we have to start thinking about a richer model of users, groups and access control so that applications that need security services can work in a uniform way. The whole point of putting hooks in the kernel to support 3rd party security modules is to let people experiment with different security models in a way that can be enforced across the entire system rather than within a single application. This is no different than what is going on with the competing approaches to journaling file systems. But the kernel is where access control (such as it is) currently resides and that's where it needs to be fixed.

And to make a token attempt to be on topic :-) there was a piece at NewsForge, http://newsforge.com/newsforge/02/08/07/2225239.shtml?tid=30 about Samsung Contact, aka HP OpenMail, which quotes Samsung as estimating the TCO of Exchange at $16/user per month and Contact at $9/month per user.

--rick
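As an added illustration of the two models the post contrasts (not code from the thread or from any of the systems named in it), the following models the classic rwx/owner-group-other check with flat group membership beside a POSIX.1e-style ACL evaluation in the order acl(5) describes, and runs the "share a file with Bill and Mary" question through both. All uids, gids and names are constructed sample data.

```python
from dataclasses import dataclass, field

R, W = 4, 2  # read / write permission bits
@dataclass
class Inode:
    owner: int
    group: int
    mode: tuple  # (owner_bits, group_bits, other_bits); 0640 -> (R | W, R, 0)
@dataclass
class Acl:
    user_obj: int     # ACL_USER_OBJ (owner)
    group_obj: int    # ACL_GROUP_OBJ (owning group)
    other: int        # ACL_OTHER
    mask: int = 7     # ACL_MASK caps group_obj, named users and named groups
    users: dict = field(default_factory=dict)   # ACL_USER: uid -> bits
    groups: dict = field(default_factory=dict)  # ACL_GROUP: gid -> bits

def unix_allows(inode, uid, gids, want):
    """Classic rwx check: owner, else owning group (flat membership), else other."""
    if uid == inode.owner:
        bits = inode.mode[0]
    elif inode.group in gids:
        bits = inode.mode[1]
    else:
        bits = inode.mode[2]
    return bits & want == want

def acl_allows(inode, acl, uid, gids, want):
    """POSIX.1e-style evaluation in the order acl(5) describes, mask entry present."""
    if uid == inode.owner:
        return acl.user_obj & want == want
    if uid in acl.users:
        return acl.users[uid] & acl.mask & want == want
    matched = False  # a matching group that does not grant the bits denies, not falls through
    for gid, bits in [(inode.group, acl.group_obj), *acl.groups.items()]:
        if gid in gids:
            matched = True
            if bits & acl.mask & want == want:
                return True
    return False if matched else acl.other & want == want

def share_with_bill_and_mary():
    """The post's question: rick owns a file and wants only bill and mary to read it."""
    rick, bill, mary, joe, staff = 1001, 1002, 1003, 1004, 100  # constructed ids
    gids = {u: {staff} for u in (rick, bill, mary, joe)}        # everyone is in staff
    f = Inode(owner=rick, group=staff, mode=(R | W, R, 0))      # mode 0640
    flat = {u: unix_allows(f, u, gids[u], R) for u in gids}     # joe reads it too
    acl = Acl(user_obj=R | W, group_obj=0, other=0, mask=R, users={bill: R, mary: R})
    fine = {u: acl_allows(f, acl, u, gids[u], R) for u in gids} # rick set this himself
    return flat, fine
```

With only mode bits, the group bits reach every member of the existing group, so narrowing access to two people needs a new group (and root); with named-user ACL entries the owner grants exactly those two, and the mask still bounds what any named entry can grant.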