From owner-freebsd-questions Mon Nov 19 17:39: 2 2001 Delivered-To: freebsd-questions@freebsd.org Received: from atkielski.com (atkielski.com [161.58.232.69]) by hub.freebsd.org (Postfix) with ESMTP id CCD1037B419 for ; Mon, 19 Nov 2001 17:38:59 -0800 (PST) Received: from contactdish (ASt-Lambert-101-2-1-14.abo.wanadoo.fr [193.251.59.14]) by atkielski.com (8.11.6) id fAK1cwa15087; Tue, 20 Nov 2001 02:38:58 +0100 (CET) Message-ID: <007801c17164$2010e150$0a00000a@atkielski.com> From: "Anthony Atkielski" To: References: <15353.33437.744317.153424@guru.mired.org><20011119194626.K48577-100000@malkav.snowmoon.com> <15353.45841.476855.884298@guru.mired.org> Subject: Re: Writable directory except for a given user Date: Tue, 20 Nov 2001 02:38:51 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG For what it is worth, this is a very good illustration of the shortcomings of the very limited UNIX security model. Windows NT/2000, as well as Multics, the parent of UNIX, both allow this type of access control, as I recall. ----- Original Message ----- From: "Mike Meyer" To: Cc: Sent: Tuesday, November 20, 2001 02:34 Subject: Re: Writable directory except for a given user > jaime@snowmoon.com types: > > On Mon, 19 Nov 2001, Mike Meyer wrote: > > > Sure - create a group that you put all users in by default, and then > > > take blacklisted users out of it. > > I'm aware of this idea, but in my case we're talking about > > hundreds of users. Is there a way to configure adduser (or FreeBSD > > itself) to add a user to a given group by default? Other than the obvious > > /etc/adduser.* files, I mean. :) What about a method of doing this and > > taking care of all of my hundreds of users that already exist? > > Can you make that the users gid, as opposed to just being another > group? If so, script to fix /etc/master.passwd should be > straightforward. Given that you only have to do it once, ed might be > the fastest way to do it. If you need to create a group with hundreds > of users - you might want to find a different approach, like sudo for > the operations you want to allow on the directory. > > -- > Mike Meyer http://www.mired.org/home/mwm/ > Q: How do you make the gods laugh? A: Tell them your plans. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message