From owner-freebsd-hackers Wed Jun 18 07:11:14 1997
Message-ID: <19970618151004.21788@pavilion.net>
Date: Wed, 18 Jun 1997 15:10:04 +0100
From: Josef Karthauser
To: Drew Derbyshire
Cc: hackers@FreeBSD.ORG
Subject: Re: granting auth to processes
References: <33a61180.kew-sonata@sonata.uucp.kew.com>
In-Reply-To: <33a61180.kew-sonata@sonata.uucp.kew.com>; from Drew Derbyshire on Tue, Jun 17, 1997 at 12:24:32AM -0500

On Tue, Jun 17, 1997 at 12:24:32AM -0500, Drew Derbyshire wrote:
>
> Consider it's the multiple levels of access needed to a set of files:
>
>     User O can create or delete file
>     Group A can read/write existing files
>     Group B can read existing file
>     Group C can write existing file
>     Others have no access
>
> UFS does not allow this in a trivial fashion, because it has a finite
> number of permission bits. Likewise I somewhat object to a model which
> only has root/noroot as classes of API access, because it leads to the
> wrong amount of priv granted.

One way around it that I've been thinking about might work. Any comments?

What if we make a way of allowing groups defined in /etc/groups to contain
groups as well as uids?

i.e.
    xrwxrwx--- fred.foo filename

User fred and users on group foo can read and write to this file.

Could /etc/group foo contain:

    foo:*:1000:joe,fred,'group wheel'

This would allow really useful generalisations of group access.
i.e. joe and fred and anyone on group wheel can read and write this file.

Comments?

Joe

-- 
Josef Karthauser
Technical Manager Email: joe@pavilion.net
Pavilion Internet plc. [Tel: +44 1273 607072 Fax: +44 1273 607073]
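
Added example, not part of the original message or of FreeBSD: a sketch of how the nested-group lookup proposed above could be resolved, showing that membership becomes transitive and that circular references must be detected. The 'group NAME' member syntax is the message's hypothetical extension; the sample file, the extra groups in it and the function names are constructed for illustration.

```python
import re

# Constructed sample in the proposed syntax; 'group NAME' entries are the
# hypothetical extension from the message, not real group(5) syntax.
SAMPLE = """\
wheel:*:0:root,alice
foo:*:1000:joe,fred,'group wheel'
ops:*:1001:'group foo','group loop'
loop:*:1002:bob,'group ops'
"""

GROUP_REF = re.compile(r"^'group\s+([^']+)'$")

def parse_groups(text):
    """Return {name: (users, nested_groups)} from group(5)-style lines."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4:
            raise ValueError(f"malformed line: {line!r}")
        name, members = fields[0], fields[3]
        users, nested = set(), set()
        for entry in filter(None, (m.strip() for m in members.split(","))):
            ref = GROUP_REF.match(entry)
            if ref:
                nested.add(ref.group(1).strip())
            else:
                users.add(entry)
        groups[name] = (users, nested)
    return groups

def effective_members(groups, name):
    """Expand nested groups transitively; the visited set stops cycles."""
    members, visited, pending = set(), set(), [name]
    while pending:
        current = pending.pop()
        if current in visited:
            continue
        visited.add(current)
        if current not in groups:
            raise KeyError(f"reference to undefined group {current!r}")
        users, nested = groups[current]
        members |= users
        pending.extend(nested)
    return members
```

Anyone added to wheel here also gains foo's access without foo's line changing, so an audit of who can reach a file has to expand every nested reference rather than read a single line.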