I think SELinux is amazingly complete. It allowed us to implement a solution that always requires 2 users, from a group of 3. You throw LUKS, encrypted drives, and removable media into the mix, and you have as close to a bullet proof scenario as possible. On the other hand, I don't want to have to write code that the average admin can't administer without spending a month dealing with a sharp learning curve.
Like a lot of us here I'm a developer, and a system administrator. When I have my development hat on I try to think of the user, and what they have to put up with, while balancing it with security requirements etc. As an administrator, I know I'm willing to tolerate more than most users. The difficult part for me, is defining my target audience, and understanding their abilities and tolerance, and shooting for that. And sometimes the perfect solution, has to be hobbled security wise, or the product won't sell. The only way I've found to begin addressing that is though intelligent defaults, and meaningful dialogs/user interaction.
I am intrigued by the Netware ACL's though, since you seem to have found a happy place when dealing with them as opposed to other permission systems. Thanks for the input.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds