My real concern is just having to repeat the same subjects for similar ACLs. It would be nice to be able to group a bunch of subjects together and just refer to them in subsequent rules.
Sounds like you want the "user class" concept that Kurt talked about a couple times. I haven't seen any action on implementing them though.
Actually, I wonder if I could get away with just putting "by * break" at the end of each special-case rule, which would fall through to the "access to *" at the end.
--Quanah
--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
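
The fall-through idea from the message above, sketched as an added example that is not part of the original thread. It assumes OpenLDAP slapd.conf ACL syntax; every DN, group and attribute choice is a constructed placeholder.

```conf
# Constructed slapd.conf fragment; all DNs and groups are placeholders.
# Each "access to" clause normally ends with an implicit "by * none" that
# stops evaluation. An explicit "by * break" replaces that: subjects not
# matched earlier in the clause move on to the next clause whose target
# also matches.

# Special case 1: the password attribute.
# Only the subject unique to this rule is listed here.
access to attrs=userPassword
    by self write
    by * break

# Special case 2: one subtree with an extra writer.
# Note: userPassword values under ou=people fall through rule 1 into this
# rule as well, so hr-sync can write them too.
access to dn.subtree="ou=people,dc=example,dc=com"
    by dn.exact="cn=hr-sync,ou=services,dc=example,dc=com" write
    by * break

# Catch-all: the shared subjects are written once, here.
# Because the rules above fall through to this one, every grant listed
# here also applies to userPassword and to ou=people. A broad grant such
# as "by users read" in this clause would therefore expose password
# values to every authenticated user. Keep this list limited to subjects
# that should hold the stated access on all of the special-case targets.
access to *
    by group.exact="cn=ldap-admins,ou=groups,dc=example,dc=com" write
    by dn.exact="cn=replicator,ou=services,dc=example,dc=com" read
    by anonymous auth
    by * none
```

Within a clause the first matching "by" wins, so a subject listed in a special-case rule never reaches the catch-all; only subjects that hit "by * break" do.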