From owner-freebsd-hackers Sat Sep 2 22:07:21 1995
Return-Path: hackers-owner
Received: (from majordom@localhost) by freefall.FreeBSD.org (8.6.11/8.6.6) id WAA05926 for hackers-outgoing; Sat, 2 Sep 1995 22:07:21 -0700
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.FreeBSD.org (8.6.11/8.6.6) with ESMTP id WAA05918 for ; Sat, 2 Sep 1995 22:07:20 -0700
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id WAA10537; Sat, 2 Sep 1995 22:02:53 -0700
From: Terry Lambert
Message-Id: <199509030502.WAA10537@phaeton.artisoft.com>
Subject: Re: A little strangness with 2.0.5
To: durham@w2xo.pgh.pa.us (Jim Durham)
Date: Sat, 2 Sep 1995 22:02:53 -0700 (MST)
Cc: terry@lambert.org, hackers@FreeBSD.ORG
In-Reply-To: from "Jim Durham" at Sep 2, 95 11:40:31 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1415
Sender: hackers-owner@FreeBSD.ORG
Precedence: bulk

> > A kill signal can be delivered to a process owned by your UID or a
> > process owned by your GID. You seem to not be a member of the group
> > you SGID'ed to, so exclusion groups apply.
>
> I should perhaps have phrased it better. I should have said..."seeing as
> both the parent and child were SUID 'net', why would changing the
> GID matter?
>
> I have to admit I don't know about exclusion groups. I'll have to do a little
> reading on that.

If you are the owner and world and group permission are granted, but owner permission is not, then you are prevented access.

If you aren't the owner, but are a member of the group, and the group is prevented access, even if access is permitted to the world, you are prevented access.

If you aren't the owner or a member of the group, then if world access is not allowed, then access is prevented.

You can put users in a group "nogames", set the permissions on the games dir such that there is owner and world access but not group access, and set the group ownership to "nogames" and members of the group will be prevented access.

Perhaps the credentials for the kill are being applied vs. the process credentials of the process as if it were a file access. I'd have to spend a bit of time looking (or you would 8-)).

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.
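
The owner/group/world rule and the "nogames" exclusion group described in the message above, as an added example that is not part of the original post and is not FreeBSD kernel source. The names `demo_cred` and `unix_access`, the uid/gid numbers and the modes are constructed for illustration, and the superuser bypass is not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

struct demo_cred {              /* hypothetical, simplified credential */
    uid_t  uid;
    gid_t  groups[4];
    size_t ngroups;
};

static bool in_group(const struct demo_cred *c, gid_t gid) {
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid)
            return true;
    return false;
}

/* want is a mask of 4 (read), 2 (write), 1 (execute/search).
 * Exactly one permission class is consulted: owner, else group, else world.
 * A denial in the matching class is final; later classes are never tried. */
bool unix_access(const struct demo_cred *c, uid_t f_uid, gid_t f_gid,
                 mode_t mode, int want) {
    int shift = (c->uid == f_uid) ? 6 : in_group(c, f_gid) ? 3 : 0;
    return (int)((mode >> shift) & 7 & (mode_t)want) == want;
}

/* Constructed sample: games dir owned by uid 0, group "nogames" (gid 70),
 * mode 0705 = owner rwx, group ---, world r-x. */
bool demo_nogames_member_denied(void) {
    struct demo_cred kid = { 1001, { 1001, 70 }, 2 };
    return !unix_access(&kid, 0, 70, 0705, 5);
}

bool demo_other_user_allowed(void) {
    struct demo_cred user = { 1002, { 1002 }, 1 };
    return unix_access(&user, 0, 70, 0705, 5);
}

/* Owner with mode 0077: group and world may read, the owner may not. */
bool demo_owner_denied(void) {
    struct demo_cred owner = { 1001, { 1001 }, 1 };
    return !unix_access(&owner, 1001, 1001, 0077, 4);
}

int main(void) {
    printf("nogames member denied: %d\n", demo_nogames_member_denied());
    printf("other user allowed:    %d\n", demo_other_user_allowed());
    printf("owner denied at 0077:  %d\n", demo_owner_denied());
    return 0;
}
```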