Trustees rocks! Huge maturity leap for Linux IMHO
We use our huge fileserver to serve Apples, Windows and Linux machines, and needed a centralized security system, that allows different groups to have different rights on the same shares.
I used to work with AIX and it's Extended attributes that contained Posix ACL's. Two kernel patch projects exist that support ACL's using extended attributes for Linux, but the data is stored within special blocks on the the system, i.e. modifying the contents of the actual filesystem.
Special tools are thus required to save all permissions to a special file, to be restored by another special tool.
Trustees defines all permissions in a special file which is read into the kernel at boot time, or whenever root feels like it. This file is just a normal file, so no special action is required to save your permissions.
The only drawback is that this type of ACL's can only be maintained by the system administrator; an individual user cannot maintain the ACL's of his own files. You'll need the POSIX compliant ACL tools for this... These work exactly like AIX's ACL's, and similar to NT's.
But for my purposes, Trustees was EXACTLY wat I needed... Great job by Vyacheslav...
Now if we could just get it into the main kernel development tree and make this baby mainstream!