Date: Wed, 18 Aug 1999 12:55:24 +0930 (CST) From: "Daniel O'Connor" <doconnor@gsoft.com.au> To: Wilfredo Sanchez <wsanchez@apple.com> Cc: umeshv@apple.com, warner.c@apple.com, pwd@apple.com, tech-userlevel@netbsd.org, freebsd-hackers@freebsd.org Subject: Re: RE: Need some advice regarding portable user IDs Message-ID: <XFMail.990818125524.doconnor@gsoft.com.au> In-Reply-To: <199908180314.UAA47224@scv4.apple.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format --_=XFMail.1.3.p0.FreeBSD:990818125524:5786=_ Content-Type: text/plain; charset=us-ascii On 18-Aug-99 Wilfredo Sanchez wrote: > I'm trying to support a user experience similar to Mac OS using > BSD underneath (for Mac OS version 10). The goal being simplicity > for the user, which I think might interest some FreeBSD users as well > as my customers. Right.. sorry, I didn't mean to sound rude :) > | map (like NIS)? > And what happens accross NIS domains? Design failure :) I suppose you could carry a UID, GID mapping on the disks, and have mount look out for it.. If you had a 'removable disk' flag in /etc/fstab, then have the kernel look for those files, and use umapfs with them on the mounted FS. It could be rather dangerous security wise though.. Maybe have an option somewhere else (sysctl?) that tells mount wether removable disks are allowed to have files that are executable/devices/s[ug]id on it. (ie automatically have -o noexec,nosuid,nodevice done automatically based on user prefs) If there where no mapping files on the disk have a default setting.. Perhaps you could 'sign' the files on the disk so that when you inserted it, it checked the mapping files where signed by someone so you could opt to trust certain people, and have less restrictive options for their disks. You could even have it so it asks for your key phrase (thinking pgp/ssh terms) when you insert the disk so you can verify the person, which would prevent someone getting a disk trusted by you and modifying it and using it in your machine. Ahh, the complexities are endless :) --- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum --_=XFMail.1.3.p0.FreeBSD:990818125524:5786=_ Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.3ia iQCVAwUBN7onpFbYW/HEoF9pAQG3kwQAnVIyvBgWlNvuRNx2eG68HcVS9c+uh+P5 cDgFNPKAV/J7bD4tDycDiFik6GMqe0fbqQKP8FPDPXzliEeYagtFd88gQ8ihg2ms /omt1RwoE050F0Os1xR+D7vipggNEFL2QTxitIcB+aqU06Xku9vj5A4oGnWQ5iNy x/0pq9j65ZY= =hHrs -----END PGP MESSAGE----- --_=XFMail.1.3.p0.FreeBSD:990818125524:5786=_-- End of MIME message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.990818125524.doconnor>