Bugtraq mailing list archives

Re: /etc/shells (was Re: procmail)


From: repayne () jeeves net (Rob Payne)
Date: Thu, 8 Aug 1996 12:25:45 -0500


On Thu, 8 Aug 1996 09:47:25, der Mouse previously wrote:
> If I might spin off a new thread from this one....
>
> I can see only two solutions.  One would be to make each service
> maintain its own list of users that are forbidden (or, alternatively,
> allowed); the other would be to extend the passwd database (or,
> equivalently, maintain a parallel database) so as to allow tagging each
> user with arbitrary flags like "ftp access allowed" or "mail forward to
> pipe forbidden".
>
> Anyone have any comments on either, or any other alternatives to
> suggest?

One way of seeing this is just your basic ACL scenario where you have operations
and you have users, and where the two lists interact you have a cross list that
defines who can do what, making checks where it can happen, etc.

Solaris implements this now, and it could be used to do what you are suggesting.
I would have to check Solaris's implementation to see if it would be
sufficient for what you suggest, or if it would need to be extended.

                                                                -rob
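
An added example, not part of either message and not the code of Solaris or any other system: the second option der Mouse describes (a parallel database tagging each user with per-service flags), written as a lookup a service could call before acting. The line format, the flag names "ftp" and "mail-pipe", and user_has_flag() are assumptions; flags are modelled as grants, so unknown users and malformed lines are denied.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of a hypothetical parallel database, one line per
 * user: "name:flag,flag,...". The format and flag names are assumptions. */
static const char SAMPLE_DB[] =
    "alice:ftp,mail-pipe\n"
    "bob:ftp\n"
    "carol:\n"            /* known user, nothing granted */
    "malformed line\n";   /* no ':' separator, never matches a user */

/* Return 1 only if `user` has a line that grants `flag`. Unknown users,
 * malformed lines and absent flags all yield 0 (default deny). */
int user_has_flag(const char *db, const char *user, const char *flag)
{
    size_t ulen = strlen(user), flen = strlen(flag);
    if (ulen == 0 || flen == 0)
        return 0;
    for (const char *line = db; *line; ) {
        const char *eol = strchr(line, '\n');
        if (!eol) eol = line + strlen(line);
        /* Exact match on the name field, not a prefix match. */
        if ((size_t)(eol - line) > ulen && line[ulen] == ':'
            && strncmp(line, user, ulen) == 0) {
            const char *p = line + ulen + 1;
            while (p < eol) {
                const char *comma = memchr(p, ',', (size_t)(eol - p));
                const char *end = comma ? comma : eol;
                if ((size_t)(end - p) == flen && memcmp(p, flag, flen) == 0)
                    return 1;
                p = comma ? comma + 1 : eol;
            }
            return 0;  /* first entry for the user is authoritative */
        }
        line = *eol ? eol + 1 : eol;
    }
    return 0;
}

int main(void)
{
    const char *users[] = { "alice", "bob", "carol", "mallory" };
    for (int i = 0; i < 4; i++)
        printf("%-8s ftp=%d mail-pipe=%d\n", users[i],
               user_has_flag(SAMPLE_DB, users[i], "ftp"),
               user_has_flag(SAMPLE_DB, users[i], "mail-pipe"));
    return 0;
}
```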


