Date: Fri, 12 Mar 1999 18:32:40 -0700 From: Brett Glass <brett@lariat.org> To: Licia <licia@o-o.org> Cc: freebsd-chat@FreeBSD.ORG, fad@o-o.org Subject: Re: added chroot to /usr/bin/login Message-ID: <4.1.19990312182830.03ff2240@localhost> In-Reply-To: <Pine.BSF.4.05.9903121853470.24744-100000@o-o.org> References: <4.1.19990312174003.03fc2490@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 07:25 PM 3/12/99 -0600, Licia wrote: >For this situation I think really that anything else would be overkill. I'm >actually thinking of removing the chroot-group idea, and having it totally >based on /etc/login.conf, but for now I think it's ok as it is :) It might be. The only reason I like the idea of having an /etc/loginchroot file is as follows. I currently administer a system that has LOTS of users whose access to things must be limited. We started by putting them all in one group and using that one GID as a criterion. But the group got past 200 users and this started messing up. Also, there's the problem that a user can only be in some small number (16, I think) of groups. Several users are at their limit on that system. To add them to a "chroot group" would break things! I think that S/Key's scheme would be overkill, but that the one used by ftpd for the same purpose is about right. It also has the advantage of establishing a consistent convention. Would you be willing to let me work on this with you? I'd be glad to submit code to test. --Brett Glass To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19990312182830.03ff2240>