These are my ( Paul F. Markfort ) opinions on ACLs and extended attributes: First, Security works best when it is as simple as possible. (see: KISS - Keep It Small and Simple - https://en.wikipedia.org/wiki/KISS_principle). Notable deviants that prove the rule: Windows: The problem with Windows is the security concepts are so complex, and so poorly documented, that it is nearly impossible to secure any version of Windows newer than Windows 7 (and Windows 7 takes a lot of work). Windows did push some worthwhile security concepts: challenge response authentication, CTRL+ALT+DEL (yes really), killing all user processes when the user logs out, security principals attached to the type of login {interactive,network,service,authenticated,etc). Linux: Unfortunately - Linux security is heading the way of windows as well (Android doesn't even let you secure the OS). SystemD and DBUS are security problems waiting to happen (they definitely add a lot of overhead, and headaches for sys-admins). To me, ACL's are great when you need them (which, I find, is rarely); but, they add a level of complexity to auditing security that will result in reduced security (if you are not very careful and don't put in A LOT OF TIME checking file security). I personally think ACLs are one feature that doomed centrally managed systems in the 1990's and early 2000's (too expensive to maintain). Central management is coming back, because even a personal computer is too complicated for the average person to be trusted with. The same with extended attributes, they are basically unneeded (they are needed with SE-Linux, but that is overkill for most people, and it introduces security complexity. SE-Linux could replace attributes with a config file listing all the "special" files). SUID, SGID is a nice feature, but it should really work with config files (in /etc/set/uid/ and /etc/set/gid/ ) to go with it (so the file also has to be listed in those config files to have any special permissions), one of the things the config file could control is if the owner can change the permissions of the file. This may seem to make things more complicated - but actually could make auditing a bit less complicated. I even mount / (ext4) on my home systems with "nouser_xattr,noacl" (I don't use SE-Linux on my home machines). I personally think that the Linux OS partitions (/, /usr, /var, etc) should be mounted with "nouser_xattr,noacl". I also think that the default setting for mounting any filesystem on linux should include: nouser_xattr,noacl,nosuid,noexec - forcing the administrator to add those options when desired/needed. All 4 of these features can add needless security complexity in situations where they are not needed. Unix, was meant to be simple and easy to secure and use - https://en.wikipedia.org/wiki/Unix_philosophy Simplicity was one reason it became a standard choice for Mini computers in small business in the 1990's (Data General, HP, others, IBM eventually embraced Linux - AKA RedHat). Unix didn't take a CS degree (nor long specialized training) to set it up and secure it properly. Unix/Linux even became the standard for Computer Science and Engineering Schools - particularly when delving into kernel internals.