From owner-cvs-lib Sat Aug 30 18:12:13 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id SAA10857 for cvs-lib-outgoing; Sat, 30 Aug 1997 18:12:13 -0700 (PDT) Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA10815; Sat, 30 Aug 1997 18:12:02 -0700 (PDT) Received: from gate.lan.awfulhak.org (localhost [127.0.0.1]) by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id BAA23911; Sun, 31 Aug 1997 01:02:16 +0100 (BST) Message-Id: <199708310002.BAA23911@awfulhak.demon.co.uk> X-Mailer: exmh version 2.0zeta 7/24/97 To: Guido van Rooij cc: brian@FreeBSD.ORG (Brian Somers), cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-lib@FreeBSD.ORG Subject: Re: cvs commit: src/lib/libutil login_progok.3 login_progok.c Makefile libutil.h login.conf.5 In-reply-to: Your message of "Fri, 29 Aug 1997 21:56:44 +0200." <199708291956.VAA13103@gvr.gvr.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Sun, 31 Aug 1997 01:02:16 +0100 From: Brian Somers Sender: owner-cvs-lib@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk > Brian Somers wrote: > > brian 1997/08/27 13:06:21 PDT > > > > Modified files: > > lib/libutil Makefile libutil.h login.conf.5 > > Added files: > > lib/libutil login_progok.3 login_progok.c > > Log: > > Add full support for determining if a user > > is restricted from running a given program. > > > > Somehow I've got mixed feelings with this stuff. The first thing that > came to mind was: don't we have groups for that. But this is more > flexible. > But still, I think the filesystem layer should be the place to > determine if you can run a program. > Perhaps it's time for ACL's. Hmm, making a ppp group would address the problem..... I don't really have an excuse for not doing it that way (temporary insanity?). Perhaps I should take this stuff back out. Does anyone see any reasons why it should stay ? If someone wants to restrict use of a program they can: $ ls -l /usr/sbin/ppp -r-sr-x--- 1 root ppp 118784 Aug 28 01:03 /usr/sbin/ppp So if you're not in the ``ppp'' group, you don't get to run it ;-) oops - I feel a bit stupid :-| > -Guido -- Brian , Don't _EVER_ lose your sense of humour....