[rsbac] ACLs and Samba

Amon Ott ao at rsbac.org
Tue Apr 29 17:26:33 MEST 2003


On Tuesday, 29. April 2003 14:52, Michael Bode wrote:
> Amon Ott <ao at rsbac.org> writes:
> 
> > It is on my to-do list, but nobody has volunteered so far.
> 
> Ok. As I understand the standard Unix users and special ACL groups
> can be subjects for ACLs but not the standard Unix groups. Is that
> correct and what is the reason for this?

It is correct.

The reason is that the standard Unix group administration is insecure: It 
usually only depends on an uncontrolled editing of a file (/etc/group), and 
the superuser root can assign any group to a process.

Additionally, the ACL groups can be private or global, each user can have an 
individual set of them and there is no limit on the number of groups a user 
can be in at the same time.

Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

