Date: Tue, 6 Jan 2004 18:11:41 +0000 From: Bruce M Simpson <bms@spc.org> To: Adil Katchi <AdilK@sandvine.com> Cc: "'freebsd-hackers@freebsd.org'" <freebsd-hackers@freebsd.org> Subject: Re: switching between groups Message-ID: <20040106181141.GA5995@saboteur.dek.spc.org> In-Reply-To: <FE045D4D9F7AED4CBFF1B3B813C85337029120BE@mail.sandvine.com> References: <FE045D4D9F7AED4CBFF1B3B813C85337029120BE@mail.sandvine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote: > I was just wondering if anyone has any ideas how it's possible for a user > that belongs to multiple groups to somehow limit his or her own capabilities > by using only one of the n groups that they belong to and be able to switch > between these groups? For example, if userA belongs to groupA, groupB and > groupC, can userA enter a mode that would force it to only belong to groupA > (or groupB, or groupC)? UserA whould be able to switch between these groups > and back to normal (ie. belong to all groups). newgrp(1) could be hacked to do this fairly easily. Currently it preserves supplemental group memberships. An option to discard supplementals could be added. Or just call setgroups() with a no-op group-list vector and then setgid()/ setegid() from within your application. BMS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040106181141.GA5995>