[964] in linux-security and linux-alert archive

Re: Fwd: [linux-security] security idea

daemon@ATHENA.MIT.EDU (Robert Nichols)
Fri Jul 26 04:48:47 1996

Date: Thu, 25 Jul 96 18:03 CDT
From: rnichols@interaccess.com (Robert Nichols)
To: daniel@fiction.pb.owl.de, iang@cs.berkeley.edu
Cc: linux-security@tarsier.cv.nrao.edu

On Thu, 25 Jul 1996 "Daniel Roedding" <daniel@fiction.pb.owl.de> wrote
>
>Ian Goldberg wrote:
>
>> In /etc/group:
>
>>  lusers::6969:lightman,mitnick
>
>> Your programs:
>
>>  -r-s---r-x   1 root     lusers       9397 Aug  8  1995 /usr/bin/traceroute
>
>> (Make sure your "newgrp" program doesn't drop your supplementary groups...)
>
>I'm not quite sure if all Linux versions handle this properly, but
>certainly many "commercial" Unix boxes won't, because they first
>check the "world" access rights and then "add" group specific ones.
>So you can use group specific access rights only to give members
>of a certain group *more* rights than the rest of the world, but
>not to *exclude* them.

That's exactly wrong for every Unix system I've ever used.  If you
are the owner, you get the "owner" permissions and no others.  If
you are not the owner but are a member of the group, you get the
"group" permissions and no others.  If you are not the owner and
are not a member of the group, you get the "world" permissions.
-- 
Bob Nichols         rnichols@interaccess.com
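
The rule stated in the reply above, written out as an added example (not part of the original message or of any kernel source): exactly one of the owner, group or other triplets is selected, so the `-r-s---r-x root lusers` mode from the quoted message denies execute to members of `lusers`, including members by supplementary group. The names `struct cred`, `may_access` and `can_run_traceroute` and the sample uids are assumptions made for illustration; the superuser override and ACLs are not modelled.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

enum { WANT_X = 1, WANT_W = 2, WANT_R = 4 };  /* same values as one rwx triplet */

struct cred {                 /* simplified process credentials (hypothetical) */
    uid_t euid;
    gid_t egid;
    const gid_t *groups;      /* supplementary groups */
    size_t ngroups;
};

static bool in_group(const struct cred *c, gid_t gid)
{
    if (c->egid == gid) return true;
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == gid) return true;
    return false;
}

/* Exactly one triplet is chosen: owner, else group, else other. */
bool may_access(const struct cred *c, uid_t owner, gid_t group, mode_t mode, int want)
{
    int granted;
    if (c->euid == owner)        granted = (mode >> 6) & 7;
    else if (in_group(c, group)) granted = (mode >> 3) & 7;  /* other bits never consulted */
    else                         granted = mode & 7;
    return (granted & want) == want;
}

/* Constructed sample data: gid 6969 and the mode are from the message, uids are made up. */
#define LUSERS 6969
static const gid_t sup[] = { LUSERS };
const struct cred member   = { 1001, 100, sup, 1 };   /* in lusers via supplementary group */
const struct cred stranger = { 1002, 100, NULL, 0 };  /* not in lusers */
const struct cred dropped  = { 1001, 100, NULL, 0 };  /* member whose supplementary groups were lost */

bool can_run_traceroute(const struct cred *c)
{
    return may_access(c, 0, LUSERS, 04505, WANT_X);   /* -r-s---r-x root lusers */
}

int main(void)
{
    printf("member=%d stranger=%d dropped=%d\n", can_run_traceroute(&member),
           can_run_traceroute(&stranger), can_run_traceroute(&dropped));
    return 0;
}
```

The `dropped` case is the one the quoted "newgrp" remark is about: a process that has lost the `lusers` supplementary group falls through to the "other" triplet and is allowed again.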