Re: Privilege Groups

bofh@snoopy.virtual.net.au
Tue, 17 Dec 96 16:59:57 +1000


>Perhaps implementing something like HP-UX privilege groups
>would help solve the link(2) problems that people have been
>discussing.

>For those who don't have HP-UX 10 systems handy, privilege
>groups associate groups (although I'd do it to the granularity
>of users) with access to certain system capabilities.

>HP-UX defines
> Ability to chown(2) files to some other user
> Ability to call lockf(2) on files open readonly
> Ability to lock pages in physical memory
> Ability to set realtime priorities with rtprio(2)
> Ability to set realtime priorities with the rtsched() functions
> Ability to use setuid(2) and setgid(2)

>We could usefully add
> Ability to bind to sockets <1024
> Ability to use mknod(2)
> Ability to create hard links to non-owned files.

>Any others?

Ability to run TCPDUMP and other network diagnostics programs.
Ability to run ifconfig/route and make changes to interfaces and routes.
Ability to send commands to init (i.e. shut down the machine).
Ability to access the network in any way (I'd like to create guest accounts
without any network access).

Russell Coker