From owner-cvs-lib Fri Aug 29 12:57:08 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id MAA24663 for cvs-lib-outgoing; Fri, 29 Aug 1997 12:57:08 -0700 (PDT) Received: from gvr.gvr.org (root@gvr.gvr.org [194.151.74.97]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id MAA24641; Fri, 29 Aug 1997 12:56:55 -0700 (PDT) Received: (from guido@localhost) by gvr.gvr.org (8.8.6/8.8.5) id VAA13103; Fri, 29 Aug 1997 21:56:44 +0200 (MET DST) From: Guido van Rooij Message-Id: <199708291956.VAA13103@gvr.gvr.org> Subject: Re: cvs commit: src/lib/libutil login_progok.3 login_progok.c Makefile libutil.h login.conf.5 In-Reply-To: <199708272006.NAA21764@freefall.freebsd.org> from Brian Somers at "Aug 27, 97 01:06:21 pm" To: brian@FreeBSD.ORG (Brian Somers) Date: Fri, 29 Aug 1997 21:56:44 +0200 (MET DST) Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, cvs-lib@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-cvs-lib@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Brian Somers wrote: > brian 1997/08/27 13:06:21 PDT > > Modified files: > lib/libutil Makefile libutil.h login.conf.5 > Added files: > lib/libutil login_progok.3 login_progok.c > Log: > Add full support for determining if a user > is restricted from running a given program. > Somehow I've got mixed feelings with this stuff. The first thing that came to mind was: don't we have groups for that. But this is more flexible. But still, I think the filesystem layer should be the place to determine if you can run a program. Perhaps it's time for ACL's. -Guido