From owner-freebsd-chat Fri Mar 12 17:40:13 1999
Delivered-To: freebsd-chat@freebsd.org
Received: from o-o.org (o-o.org [207.252.201.100])
	by hub.freebsd.org (Postfix) with ESMTP id C81691514B
	for ; Fri, 12 Mar 1999 17:39:19 -0800 (PST)
	(envelope-from licia@o-o.org)
Received: from localhost (root@localhost)
	by o-o.org (8.8.8/8.8.8) with ESMTP id TAA25113;
	Fri, 12 Mar 1999 19:39:07 -0600 (CST)
	(envelope-from licia@o-o.org)
Date: Fri, 12 Mar 1999 19:39:06 -0600 (CST)
From: Licia
To: Brett Glass
Cc: freebsd-chat@FreeBSD.ORG, fad@o-o.org
Subject: Re: added chroot to /usr/bin/login
In-Reply-To: <4.1.19990312182830.03ff2240@localhost>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Sure, knock yourself out :) The patches are BSL :) I'm not familiar with
s/key though, so I will have to take your word on its functionality :)

hmmm if I remove the chroot-group part, this whole problem would go away
for you too... wonder if it would help anyone else :)

anyway, have fun :)

On Fri, 12 Mar 1999, Brett Glass wrote:

> At 07:25 PM 3/12/99 -0600, Licia wrote:
>
> >For this situation I think really that anything else would be overkill. I'm
> >actually thinking of removing the chroot-group idea, and having it totally
> >based on /etc/login.conf, but for now I think it's ok as it is :)
>
> It might be. The only reason I like the idea of having an /etc/loginchroot
> file is as follows. I currently administer a system that has LOTS of users
> whose access to things must be limited. We started by putting them all
> in one group and using that one GID as a criterion. But the group got
> past 200 users and this started messing up.
>
> Also, there's the problem that a user can only be in some small number
> (16, I think) of groups. Several users are at their limit on that system.
> To add them to a "chroot group" would break things!
>
> I think that S/Key's scheme would be overkill, but that the one used by
> ftpd for the same purpose is about right. It also has the advantage of
> establishing a consistent convention. Would you be willing to let me
> work on this with you? I'd be glad to submit code to test.
>
> --Brett Glass
>

[ licia@o-o.org ] [ http://www.o-o.org/~licia/ ] [ Alias : Ladywolf]
[ Telnet to o-o.org and log in as bbs ] [ ssh -l bbs -C o-o.org ]
[ A happy user of FreeBSD : http://www.freebsd.org/ ]
main(){int num[4]={1768122732,762265697,1919889007,103};printf("%s\n",num);}

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
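
The per-user list file proposed in the quoted message (an /etc/loginchroot consulted instead of group membership), sketched as an added example that is not part of this message or of the patches it discusses. The file format (one login name per line, `#` comments), the function name and the sample users are assumptions.

```c
/* Added example: lookup in a hypothetical per-user chroot list.
 * Assumed format: one login name per line, '#' starts a comment. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_BUF 256

/* Return 1 if `user` appears as a whole entry in the list, else 0.
 * What to do when the list cannot be opened is the caller's policy. */
int user_in_chroot_list(FILE *fp, const char *user)
{
    char line[ENTRY_BUF];

    while (fgets(line, sizeof(line), fp) != NULL) {
        size_t len = strlen(line);
        /* Overlong line: discard the rest of it so that its tail is
         * never parsed as if it were a separate entry. */
        if (len == sizeof(line) - 1 && line[len - 1] != '\n') {
            int c;
            while ((c = fgetc(fp)) != EOF && c != '\n')
                ;
            continue;
        }
        /* Cut off the comment and newline, then trim whitespace. */
        line[strcspn(line, "#\n")] = '\0';
        char *name = line;
        while (isspace((unsigned char)*name))
            name++;
        char *end = name + strlen(name);
        while (end > name && isspace((unsigned char)end[-1]))
            *--end = '\0';
        /* Exact match only: "bob" must not match the entry "bobby". */
        if (*name != '\0' && strcmp(name, user) == 0)
            return 1;
    }
    return 0;
}

int main(void)
{
    FILE *fp = tmpfile();   /* constructed sample list */
    if (fp == NULL)
        return 1;
    fputs("# users to chroot at login\nalice\n  bobby  # contractor\n", fp);
    rewind(fp);
    printf("bob listed: %d\n", user_in_chroot_list(fp, "bob"));
    fclose(fp);
    return 0;
}
```

A list like this is not bounded by the per-user group limit mentioned in the quoted message, since it never touches group membership.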