Date: Sun, 18 Mar 2001 12:42:17 -0700
To: Terry Lambert, babkin@bellatlantic.net (Sergey Babkin)
From: Brett Glass
Subject: Re: about common group & user ID space (PR kern/14584)
Cc: security@FreeBSD.ORG, wes@softweyr.com (Wes Peters), rwatson@FreeBSD.ORG (Robert Watson), fs@FreeBSD.ORG

At 12:38 AM 3/18/2001, Terry Lambert wrote:

>The benefits in not having to grovel through the FS contents, or
>do more complex ID space transformations, and the moving of the
>majority of changes to user space, combined with the fact that if
>you turn it off, the ownership doesn't need to be reverted, are
>all plusses.

At the same time, it'd be nice to eliminate the arbitrary limitations
on (a) the number of groups of which a user can be a member and (b) the
number of members in a group. Both of these limitations often bite
administrators who, for example, want most users of a system to be
members of a particular group or want to implement group-based access
control schemes with a moderate degree of granularity. Classes won't
cut it for this purpose, alas, because they're not built into file
system security.

--Brett