Date: Sun, 31 Aug 1997 01:02:16 +0100 From: Brian Somers <brian@awfulhak.org> To: Guido van Rooij <guido@gvr.org> Cc: brian@FreeBSD.ORG (Brian Somers), cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-lib@FreeBSD.ORG Subject: Re: cvs commit: src/lib/libutil login_progok.3 login_progok.c Makefile libutil.h login.conf.5 Message-ID: <199708310002.BAA23911@awfulhak.demon.co.uk> In-Reply-To: Your message of "Fri, 29 Aug 1997 21:56:44 %2B0200." <199708291956.VAA13103@gvr.gvr.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> Brian Somers wrote: > > brian 1997/08/27 13:06:21 PDT > > > > Modified files: > > lib/libutil Makefile libutil.h login.conf.5 > > Added files: > > lib/libutil login_progok.3 login_progok.c > > Log: > > Add full support for determining if a user > > is restricted from running a given program. > > > > Somehow I've got mixed feelings with this stuff. The first thing that > came to mind was: don't we have groups for that. But this is more > flexible. > But still, I think the filesystem layer should be the place to > determine if you can run a program. > Perhaps it's time for ACL's. Hmm, making a ppp group would address the problem..... I don't really have an excuse for not doing it that way (temporary insanity?). Perhaps I should take this stuff back out. Does anyone see any reasons why it should stay ? If someone wants to restrict use of a program they can: $ ls -l /usr/sbin/ppp -r-sr-x--- 1 root ppp 118784 Aug 28 01:03 /usr/sbin/ppp So if you're not in the ``ppp'' group, you don't get to run it ;-) oops - I feel a bit stupid :-| > -Guido -- Brian <brian@awfulhak.org>, <brian@freebsd.org> <http://www.awfulhak.org> Don't _EVER_ lose your sense of humour....
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199708310002.BAA23911>