[3097] in bugtraq
Re: /etc/shells (was Re: procmail)
daemon@ATHENA.MIT.EDU (Rob Payne)
Thu Aug 8 20:16:32 1996
Date: Thu, 8 Aug 1996 12:25:45 -0500
Reply-To: repayne@jeeves.net
From: Rob Payne <repayne@jeeves.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
On Thu, 8 Aug 1996 09:47:25, der Mouse previously wrote:
> If I might spin off a new thread from this one....
>
> I can see only two solutions. One would be to make each service
> maintain its own list of users that are forbidden (or, alternatively,
> allowed); the other would be to extend the passwd database (or,
> equivalently, maintain a parallel database) so as to allow tagging each
> user with arbitrary flags like "ftp access allowed" or "mail forward to
> pipe forbidden".
> Anyone have any comments on either, or any other alternatives to
> suggest?

One way of seeing this is just your basic ACL scenario where you have operations
and you have users, and where the two lists interact you have a cross list that
defines who can do what, making checks where it can happen, etc.

Solaris implements this now, and it could be used to do what you are suggesting.
I would have to check Solaris's implementation to see if it would be
sufficient for what you suggest, or if it would need to be extended.

-rob
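
The second option der Mouse describes (a parallel database tagging each user with per-service flags) and the user/operation cross list from the reply, sketched as an added example that is not part of the original thread. The file format, the flag names `ftp` and `mail-pipe`, the `!` prefix for "forbidden" and the user names are all assumptions constructed for illustration.

```python
# Constructed sample of a hypothetical parallel database: one line per user,
# "user:flag,flag,...". A leading "!" marks an operation as forbidden.
SAMPLE_DB = """\
# user:flags
alice:ftp,mail-pipe
bob:ftp,!mail-pipe
guest:!ftp,!mail-pipe
mallory:ftp,!ftp
broken line without separator
"""

def parse_flags(text):
    """Return {user: (allowed_set, forbidden_set)}, skipping malformed lines."""
    db = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue  # blank, comment, or no separator: ignore the line
        user, _, flags = line.partition(":")
        allowed, forbidden = db.setdefault(user.strip(), (set(), set()))
        for flag in (f.strip() for f in flags.split(",")):
            if flag.startswith("!") and len(flag) > 1:
                forbidden.add(flag[1:])
            elif flag:
                allowed.add(flag)
    return db

def is_permitted(db, user, operation):
    """Fail closed: unknown users and untagged operations are refused,
    and an explicit "forbidden" tag overrides an "allowed" one."""
    entry = db.get(user)
    if entry is None:
        return False
    allowed, forbidden = entry
    return operation in allowed and operation not in forbidden

if __name__ == "__main__":
    db = parse_flags(SAMPLE_DB)
    for user in ("alice", "bob", "guest", "mallory", "nobody"):
        for op in ("ftp", "mail-pipe"):
            verdict = "allow" if is_permitted(db, user, op) else "deny"
            print(f"{user:8} {op:10} {verdict}")
```

Each service would call the same check with its own operation name, so the decision no longer depends on what a user's login shell happens to be.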