Date: Tue, 6 Jan 2004 22:44:21 +0100 From: Nicolas Rachinsky <list@rachinsky.de> To: "'freebsd-hackers@freebsd.org'" <freebsd-hackers@freebsd.org> Cc: Adil Katchi <AdilK@sandvine.com> Subject: Re: switching between groups Message-ID: <20040106214421.GA19845@pc5.i.0x5.de> In-Reply-To: <20040106181141.GA5995@saboteur.dek.spc.org> References: <FE045D4D9F7AED4CBFF1B3B813C85337029120BE@mail.sandvine.com> <20040106181141.GA5995@saboteur.dek.spc.org>
next in thread | previous in thread | raw e-mail | index | archive | help
* Bruce M Simpson <bms@spc.org> [2004-01-06 18:11 +0000]: > On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote: > > I was just wondering if anyone has any ideas how it's possible for a user > > that belongs to multiple groups to somehow limit his or her own capabilities > > by using only one of the n groups that they belong to and be able to switch > > between these groups? For example, if userA belongs to groupA, groupB and > > groupC, can userA enter a mode that would force it to only belong to groupA > > (or groupB, or groupC)? UserA whould be able to switch between these groups > > and back to normal (ie. belong to all groups). > > newgrp(1) could be hacked to do this fairly easily. Currently it preserves > supplemental group memberships. An option to discard supplementals could > be added. But you shouldn't forget, you can deny access to a specific group now. This won't work any longer, when users can leave groups at will. Nicolas
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040106214421.GA19845>