How granular is too granular with file permissions

filesystems, permissions

I understand that some products and tools need to have extremely granular permissioning, but what about the underlying filesystem? In a related question, I asked about filesystems that closely compare to NTFS for granularity of permissions support natively.

The classic Unix permissions, read|write|execute for user|group|other, are great. But it seems that they fail when a user is part of more than one group, and a file needs to be accessible to both groups he's in, but no one else (so rw-rw-r-- is "bad" in this instance). A symlink could be created wherein the other group could read it, or a 'parent' group could be created to hold both of the ones the user is in, and have the file ownership be user:parent rather than user:boy, because then the user:girl group couldn't see it.

What good workarounds to this have you seen/implemented?
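As an added illustration (not part of the question or any answer), this Python models the classic Unix mode-bit check with constructed users and reproduces the two-group case described above, the parent-group workaround, and the owner-bits-win edge case; the user names, uids and group names are made up for the example.

```python
import copy

# Constructed users for this example: uid plus the groups each belongs to.
USERS = {
    "alice": {"uid": 1000, "groups": {"boy", "girl"}},  # member of both groups
    "bob":   {"uid": 1001, "groups": {"boy"}},
    "carol": {"uid": 1002, "groups": {"girl"}},
    "dave":  {"uid": 1003, "groups": {"staff"}},        # in neither group
}

def unix_access(mode, owner_uid, group, users, name, want):
    """Classic mode-bit check: may `name` do `want` ('r', 'w' or 'x')?

    Exactly one triplet applies: the owner bits if the caller owns the file
    (even when they are more restrictive than the group bits), otherwise the
    group bits if the caller belongs to the file's group, otherwise the
    'other' bits. There is no union across groups and no per-group entry.
    """
    bit = {"r": 4, "w": 2, "x": 1}[want]
    info = users[name]
    if info["uid"] == owner_uid:
        shift = 6
    elif group in info["groups"]:
        shift = 3
    else:
        shift = 0
    return bool((mode >> shift) & bit)

def readers(mode, owner_uid, group, users):
    """Names of all users who can read a file with the given owner, group and mode."""
    return sorted(n for n in users if unix_access(mode, owner_uid, group, users, n, "r"))

def with_parent_group(users, parent, members):
    """The 'parent group' workaround: copy of `users` where `members` also belong to `parent`."""
    out = copy.deepcopy(users)
    for n in members:
        out[n]["groups"].add(parent)
    return out

if __name__ == "__main__":
    # alice's file, group boy, rw-rw-r--: carol reads via 'other', but so does dave.
    print(readers(0o664, 1000, "boy", USERS))           # ['alice', 'bob', 'carol', 'dave']
    # rw-rw----: dave is shut out, but so is carol (girl group).
    print(readers(0o660, 1000, "boy", USERS))           # ['alice', 'bob']
    # Parent group holding the boy and girl members, file chgrp'd to it.
    both = with_parent_group(USERS, "parent", ["alice", "bob", "carol"])
    print(readers(0o660, 1000, "parent", both))         # ['alice', 'bob', 'carol']
    # Owner bits win even when more restrictive: ---rw---- hides the file from its owner.
    print(unix_access(0o060, 1000, "boy", USERS, "alice", "r"))  # False
```

The last case is the usual surprise when people expect group bits to "fill in" for a restrictive owner triplet: the kernel picks one triplet and never falls through to another.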

Best Answer

I think NTFS gets the balance almost exactly right with a good and simple basic set of options but also giving the possibility to dive in quite deep, but only if you need to. I've always found the Unix system to be overly simplistic (although this is probably as a result of Unix's heritage as a programmer's OS from the 70s rather than a deliberate dumbing down) for the reasons you've outlined, and am not a fan of hacks to work around those limitations. My experience of hacky workarounds is that they tend to evolve into business-critical technical strategies while not really changing in implementation.