Date: Tue, 6 Jan 2004 23:25:48 +0100
From: Nicolas Rachinsky
To: Adil Katchi
Cc: freebsd-hackers@freebsd.org
Subject: Re: switching between groups
Message-ID: <20040106222548.GA22917@pc5.i.0x5.de>
List-Id: Technical Discussions relating to FreeBSD

* Adil Katchi [2004-01-06 17:01 -0500]:
> I don't follow, what do you mean?

A file with mode rw----r-- owned by root:group1 could be read by anyone
who is not in group1.

Nicolas

Confusing quote:
> -----Original Message-----
> From: Nicolas Rachinsky [mailto:list@rachinsky.de]
> Sent: Tuesday, January 06, 2004 4:44 PM
> To: 'freebsd-hackers@freebsd.org'
> Cc: Adil Katchi
> Subject: Re: switching between groups
>
>
> * Bruce M Simpson [2004-01-06 18:11 +0000]:
> > On Tue, Jan 06, 2004 at 11:14:06AM -0500, Adil Katchi wrote:
> > > I was just wondering if anyone has any ideas how it's possible for a user
> > > that belongs to multiple groups to somehow limit his or her own capabilities
> > > by using only one of the n groups that they belong to and be able to switch
> > > between these groups? For example, if userA belongs to groupA, groupB and
> > > groupC, can userA enter a mode that would force it to only belong to groupA
> > > (or groupB, or groupC)? UserA would be able to switch between these groups
> > > and back to normal (ie. belong to all groups).
> >
> > newgrp(1) could be hacked to do this fairly easily. Currently it preserves
> > supplemental group memberships. An option to discard supplementals could
> > be added.
>
> But you shouldn't forget, you can deny access to a specific group now.
> This won't work any longer, when users can leave groups at will.
>
> Nicolas
>
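
The access rule behind the objection in this message, as an added example that is not part of the original thread: a simplified model of the classic Unix read check (no superuser override, no ACLs) applied to the rw----r-- root:group1 file. The uid/gid numbers and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Simplified Unix DAC read check. The first matching class decides:
 * owner, else group, else other. "groups" stands for the process's
 * whole group set (effective gid plus supplementary groups). */
static int may_read(mode_t mode, uid_t fuid, gid_t fgid,
                    uid_t uid, const gid_t *groups, int ngroups)
{
    int i;

    if (uid == fuid)
        return (mode & S_IRUSR) != 0;
    for (i = 0; i < ngroups; i++)
        if (groups[i] == fgid)          /* group class matched: stop here, */
            return (mode & S_IRGRP) != 0; /* "other" bits are never consulted */
    return (mode & S_IROTH) != 0;
}

/* Constructed sample ids (assumptions, not from the thread). */
enum { UID_ROOT = 0, UID_USERA = 1001, GID_GROUP1 = 2001, GID_GROUP2 = 2002 };

/* The file from the message: mode rw----r--, owned by root:group1. */
static const mode_t FILE_MODE = S_IRUSR | S_IWUSR | S_IROTH;

/* userA with the full group set: group1 membership denies the read. */
static int read_with_all_groups(void)
{
    const gid_t groups[] = { GID_GROUP1, GID_GROUP2 };
    return may_read(FILE_MODE, UID_ROOT, GID_GROUP1, UID_USERA, groups, 2);
}

/* Same user after group1 has been discarded from the group set:
 * the check falls through to "other" and the read is granted. */
static int read_after_dropping_group1(void)
{
    const gid_t groups[] = { GID_GROUP2 };
    return may_read(FILE_MODE, UID_ROOT, GID_GROUP1, UID_USERA, groups, 1);
}

int main(void)
{
    printf("member of group1: read %s\n",
           read_with_all_groups() ? "allowed" : "denied");
    printf("group1 discarded: read %s\n",
           read_after_dropping_group1() ? "allowed" : "denied");
    return 0;
}
```

Files that use a group as a deny list can be recognised by group permission bits that are narrower than the "other" bits.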