switching between groups
Nicolas Rachinsky
list at rachinsky.de
Tue Jan 6 14:25:53 PST 2004
* Adil Katchi <AdilK at sandvine.com> [2004-01-06 17:01 -0500]:
> I don't follow, what do you mean?
A file with mode rw----r-- owned by root:group1 could be read by
anyone who is not in group1.
Nicolas
Confusing quote:
> -----Original Message-----
> From: Nicolas Rachinsky [mailto:list at rachinsky.de]
> Sent: Tuesday, January 06, 2004 4:44 PM
> To: 'freebsd-hackers at freebsd.org'
> Cc: Adil Katchi
> Subject: Re: switching between groups
>
>
> * Bruce M Simpson <bms at spc.org> [2004-01-06 18:11 +0000]:
> > On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote:
> > > I was just wondering if anyone has any ideas how it's possible for a user
> > > that belongs to multiple groups to somehow limit his or her own capabilities
> > > by using only one of the n groups that they belong to and be able to switch
> > > between these groups? For example, if userA belongs to groupA, groupB and
> > > groupC, can userA enter a mode that would force it to only belong to groupA
> > > (or groupB, or groupC)? UserA would be able to switch between these groups
> > > and back to normal (i.e. belong to all groups).
> >
> > newgrp(1) could be hacked to do this fairly easily. Currently it preserves
> > supplemental group memberships. An option to discard supplementals could
> > be added.
>
> But you shouldn't forget, you can deny access to a specific group now.
> This won't work any longer, when users can leave groups at will.
>
> Nicolas
>
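
The effect described in this message, modelled as an added example that is not part of the original thread: the classic Unix check consults exactly one permission class, so a mode like rw----r-- denies members of the file's group while admitting everyone else, and a user who can shed that group lands in "other". The uid/gid numbers and function names are constructed for illustration; the model ignores ACLs and MAC policy, and the audit function lists files that rely on this kind of group denial.

```python
import os
import stat

# Constructed sample identities (not from the thread): root owns the file,
# gid 100 stands in for "group1", uid 1001 for a user in several groups.
ROOT_UID, GROUP1 = 0, 100

def perm_class(st_uid, st_gid, uid, gids):
    """Return the one class the classic Unix check consults; first match wins."""
    if uid == st_uid:
        return "owner"
    if st_gid in gids:
        return "group"      # group members never fall through to "other"
    return "other"

def may_read(mode, st_uid, st_gid, uid, gids):
    """Model of the read check for a non-root caller (no ACLs, no MAC)."""
    bit = {"owner": stat.S_IRUSR, "group": stat.S_IRGRP,
           "other": stat.S_IROTH}[perm_class(st_uid, st_gid, uid, gids)]
    return bool(mode & bit)

def is_negative_group_mode(mode):
    """True when "other" holds a permission bit that "group" lacks."""
    group_bits = (mode >> 3) & 0o7
    other_bits = mode & 0o7
    return bool(other_bits & ~group_bits)

def find_negative_group_files(root):
    """Audit: list entries under root whose mode denies the group something
    that everyone else is allowed."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue    # skip links; the target's own mode is what matters
            if is_negative_group_mode(stat.S_IMODE(st.st_mode)):
                hits.append(path)
    return sorted(hits)

if __name__ == "__main__":
    mode = 0o604            # rw----r-- as in the message
    print(may_read(mode, ROOT_UID, GROUP1, 1001, {100, 200, 300}))  # all groups
    print(may_read(mode, ROOT_UID, GROUP1, 1001, {200}))            # group1 dropped
```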