[rsbac] ACLs and Samba

Amon Ott ao at rsbac.org
Tue Apr 29 17:26:33 MEST 2003

On Tuesday, 29. April 2003 14:52, Michael Bode wrote:
> Amon Ott <ao at rsbac.org> writes:
> > It is on my to-do list, but nobody has voluntered so far.
> Ok. As I understand the standard Unix users and special ACL groups
> can be subjects for ACLs but not the standard Unix groups. Is that
> correct and what is the reason for this?

It is correct.

The reason is that the standard Unix group administration is insecure: It 
usually only depends on an uncontrolled editing of a file (/etc/group), and 
the superuser root can assign any group to a process.

Additionally, the ACL groups can be private or global, each user can have an 
individual set of them and there is no limit on the number of groups a user 
can be in at the same time.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list