From: Nicolas Rachinsky
To: "'freebsd-hackers@freebsd.org'"
Cc: Adil Katchi
Date: Tue, 6 Jan 2004 22:44:21 +0100
Subject: Re: switching between groups
Message-ID: <20040106214421.GA19845@pc5.i.0x5.de>
In-Reply-To: <20040106181141.GA5995@saboteur.dek.spc.org>

* Bruce M Simpson [2004-01-06 18:11 +0000]:
> On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote:
> > I was just wondering if anyone has any ideas how it's possible for a user
> > that belongs to multiple groups to somehow limit his or her own capabilities
> > by using only one of the n groups that they belong to and be able to switch
> > between these groups? For example, if userA belongs to groupA, groupB and
> > groupC, can userA enter a mode that would force it to only belong to groupA
> > (or groupB, or groupC)? UserA would be able to switch between these groups
> > and back to normal (i.e. belong to all groups).
>
> newgrp(1) could be hacked to do this fairly easily. Currently it preserves
> supplemental group memberships. An option to discard supplementals could
> be added.

But you shouldn't forget, you can deny access to a specific group now.
This won't work any longer when users can leave groups at will.

Nicolas
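
The point made in the reply above, as an added example that is not part of the original message or of FreeBSD's code: a simplified model of the owner/group/other read check (superuser bypass and ACLs omitted), showing that a file whose group bits grant less than its other bits denies members of that group, and that the denial disappears once the supplementary group is discarded. The uid/gid numbers and mode 0604 are constructed, and group_is_deny_entry() is a hypothetical helper for auditing which files depend on this behaviour.

```c
/* Added example: simplified model of the Unix owner/group/other read check.
 * Superuser bypass and ACLs are left out; all ids below are constructed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

struct cred {
    uid_t uid;
    gid_t gid;              /* primary group */
    const gid_t *groups;    /* supplementary groups */
    size_t ngroups;
};

static bool in_group(const struct cred *c, gid_t g) {
    if (c->gid == g)
        return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return true;
    return false;
}

/* Exactly one class is consulted: owner, else group, else other. */
bool may_read(const struct cred *c, uid_t fuid, gid_t fgid, mode_t mode) {
    if (c->uid == fuid)
        return (mode & S_IRUSR) != 0;
    if (in_group(c, fgid))
        return (mode & S_IRGRP) != 0;
    return (mode & S_IROTH) != 0;
}

/* Hypothetical audit helper: true when "other" holds a bit "group" lacks,
 * so the group entry acts as a deny rule for its members. */
bool group_is_deny_entry(mode_t mode) {
    mode_t grp = (mode & S_IRWXG) >> 3, oth = mode & S_IRWXO;
    return (oth & ~grp) != 0;
}

int main(void) {
    const gid_t supp[] = { 2000 };                  /* constructed gid */
    struct cred full = { 1001, 1001, supp, 1 };
    struct cred dropped = { 1001, 1001, NULL, 0 };  /* supplementals discarded */
    printf("member of 2000: %d\n", may_read(&full, 0, 2000, 0604));
    printf("group dropped:  %d\n", may_read(&dropped, 0, 2000, 0604));
    printf("0604 is a group deny: %d\n", group_is_deny_entry(0604));
    return 0;
}
```

Running group_is_deny_entry() over the st_mode of existing files shows which ones would lose their protection if an option to discard supplementary groups were made available to ordinary users.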