Date: Fri, 12 Mar 1999 19:39:06 -0600 (CST) From: Licia <licia@o-o.org> To: Brett Glass <brett@lariat.org> Cc: freebsd-chat@FreeBSD.ORG, fad@o-o.org Subject: Re: added chroot to /usr/bin/login Message-ID: <Pine.BSF.4.05.9903121935220.25104-100000@o-o.org> In-Reply-To: <4.1.19990312182830.03ff2240@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
Sure, knock yourself out :) The patches are BSL :) I'm not familiar with s/key though, so I will have to take your word on it's functionality :) hmmm if I remove the chroot-group part, this whole problem would go away for you too... wonder if it would help anyone else :) anyway, have fun :) On Fri, 12 Mar 1999, Brett Glass wrote: > At 07:25 PM 3/12/99 -0600, Licia wrote: > > >For this situation I think really that anything else would be overkill. I'm > >actually thinking of removing the chroot-group idea, and having it totally > >based on /etc/login.conf, but for now I think it's ok as it is :) > > It might be. The only reason I like the idea of having an /etc/loginchroot > file is as follows. I currently administer a system that has LOTS of users > whose access to things must be limited. We started by putting them all > in one group and using that one GID as a criterion. But the group got > past 200 users and this started messing up. > > Also, there's the problem that a user can only be in some small number > (16, I think) of groups. Several users are at their limit on that system. > To add them to a "chroot group" would break things! > > I think that S/Key's scheme would be overkill, but that the one used by > ftpd for the same purpose is about right. It also has the advantage of > establishing a consistent convention. Would you be willing to let me > work on this with you? I'd be glad to submit code to test. > > --Brett Glass > > > > [ licia@o-o.org ] [ http://www.o-o.org/~licia/ ] [ Alias : Ladywolf] [ Telnet to o-o.org and log in as bbs ] [ ssh -l bbs -C o-o.org ] [ A happy user of FreeBSD : http://www.freebsd.org/ ] main(){int num[4]={1768122732,762265697,1919889007,103};printf("%s\n",num);} To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9903121935220.25104-100000>