[3094] in bugtraq


Re[2]: /etc/shells (was Re: procmail

daemon@ATHENA.MIT.EDU (Eric Wedel)
Thu Aug 8 18:29:16 1996

Date: 	Thu, 8 Aug 1996 14:35:09 PST
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Eric Wedel <ewedel@MERIDIAN-DATA.COM>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>

So far, suggestions have focused on user-level attributes.
Some of the proposed controls might equally well apply
to groups.  (For the record I don't advocate single-character
flags, though that seems to be a *nix tradition.)

Warning:  this thread could get really long.  :-)

regards, Eric Wedel

> How about extending the passwd fields one more after the shell so
> that mine would be something like
>
> auderho:x:1298:1:Jauder Ho:/export/home/jauderho:/usr/local/bin/tcsh:tf
>
> with single letters representing different options, we can have 62 if we
> use all the numerals, upper and lower cases of the alphabet.
>
> so let's say that t stands for telnet allowed, ftp allowed ...
>
> this allows pretty fine grained control over users.
>
> --Jauder
>
> On Thu, 8 Aug 1996, der Mouse wrote:
>
(snip)
>> I can see only two solutions.  One would be to make each service
>> maintain its own list of users that are forbidden (or, alternatively,
>> allowed); the other would be to extend the passwd database (or,
>> equivalently, maintain a parallel database) so as to allow tagging each
>> user with arbitrary flags like "ftp access allowed" or "mail forward to
>> pipe forbidden".
>>
>> Anyone have any comments on either, or any other alternatives to
>> suggest?
>>
>>                                         der Mouse
>>
>>                             mouse@collatz.mcrcim.mcgill.edu
>>                     01 EE 31 F6 BB 0C 34 36  00 F3 7C 5A C1 A0 67 1D
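
The flags-field idea quoted above, as an added example that is not part of the original thread: a parser for passwd lines carrying the proposed extra field, with a per-service check. The sample users are constructed; only the letters t (telnet) and f (ftp) come from the quoted post, and rejecting unknown letters and denying users who have no flags field are assumptions made here.

```python
from dataclasses import dataclass

# Letter meanings from the quoted post: t = telnet allowed, f = ftp allowed.
FLAG_SERVICES = {"t": "telnet", "f": "ftp"}

# Constructed sample entries (hypothetical users) in the proposed layout.
SAMPLE_PASSWD = """\
alice:x:1001:10:Alice Example:/home/alice:/bin/sh:tf
bob:x:1002:10:Bob Example:/home/bob:/bin/sh:f
carol:x:1003:10:Carol Example:/home/carol:/bin/sh
dave:x:1004:10:Dave Example:/home/dave:/bin/sh:
erin:x:1005:10:Erin Example:/home/erin:/bin/sh:tq
"""

@dataclass(frozen=True)
class Entry:
    name: str
    uid: int
    services: frozenset

def parse_line(line):
    """Parse one entry; raise ValueError on malformed lines or unknown flags."""
    fields = line.rstrip("\n").split(":")
    if len(fields) not in (7, 8):
        raise ValueError(f"expected 7 or 8 fields, got {len(fields)}")
    # Assumption: a legacy 7-field line carries no flags, so it grants nothing.
    flags = fields[7] if len(fields) == 8 else ""
    unknown = sorted(set(flags) - set(FLAG_SERVICES))
    if unknown:
        # Assumption: fail closed on a letter nobody has defined.
        raise ValueError(f"unknown flag(s) {unknown} for user {fields[0]!r}")
    return Entry(fields[0], int(fields[2]), frozenset(FLAG_SERVICES[c] for c in flags))

def load(text):
    """Return (entries by user name, list of (line number, reason) rejections)."""
    entries, rejected = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        try:
            entry = parse_line(line)
            entries[entry.name] = entry
        except ValueError as exc:
            rejected.append((n, str(exc)))
    return entries, rejected

def service_allowed(entries, user, service):
    """Default deny: unknown user, rejected entry or missing flag means no access."""
    entry = entries.get(user)
    return entry is not None and service in entry.services

if __name__ == "__main__":
    entries, rejected = load(SAMPLE_PASSWD)
    print({u: sorted(e.services) for u, e in entries.items()}, rejected)
```

A rejected line removes the user from the table entirely, so a typo in the flags field locks the account out of every flagged service rather than silently granting one.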
