Date: Sun, 31 Aug 1997 01:02:16 +0100 From: Brian Somers <brian@awfulhak.org> To: Guido van Rooij <guido@gvr.org> Cc: brian@FreeBSD.ORG (Brian Somers), cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-lib@FreeBSD.ORG Subject: Re: cvs commit: src/lib/libutil login_progok.3 login_progok.c Makefile libutil.h login.conf.5 Message-ID: <199708310002.BAA23911@awfulhak.demon.co.uk> In-Reply-To: Your message of "Fri, 29 Aug 1997 21:56:44 %2B0200." <199708291956.VAA13103@gvr.gvr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Brian Somers wrote:
> > brian 1997/08/27 13:06:21 PDT
> >
> > Modified files:
> > lib/libutil Makefile libutil.h login.conf.5
> > Added files:
> > lib/libutil login_progok.3 login_progok.c
> > Log:
> > Add full support for determining if a user
> > is restricted from running a given program.
> >
>
> Somehow I've got mixed feelings with this stuff. The first thing that
> came to mind was: don't we have groups for that. But this is more
> flexible.
> But still, I think the filesystem layer should be the place to
> determine if you can run a program.
> Perhaps it's time for ACL's.
Hmm, making a ppp group would address the problem..... I don't really
have an excuse for not doing it that way (temporary insanity?).
Perhaps I should take this stuff back out. Does anyone see any
reasons why it should stay ? If someone wants to restrict use of a
program they can:
$ ls -l /usr/sbin/ppp
-r-sr-x--- 1 root ppp 118784 Aug 28 01:03 /usr/sbin/ppp
So if you're not in the ``ppp'' group, you don't get to run it ;-)
oops - I feel a bit stupid :-|
> -Guido
--
Brian <brian@awfulhak.org>, <brian@freebsd.org>
<http://www.awfulhak.org>;
Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708310002.BAA23911>