[rsbac] ACLs and Samba
Amon Ott
ao at rsbac.org
Tue Apr 29 19:01:29 MEST 2003
On Tuesday, 29. April 2003 17:58, Michael Bode wrote:
> Amon Ott <ao at rsbac.org> writes:
>
> > The reason is that the standard Unix group administration is insecure: It
> > usually only depends on an uncontrolled editing of a file (/etc/group),
and
> > the superuser root can assign any group to a process.
> >
> > Additionally, the ACL groups can be private or global, each user can have
an
> > individual set of them and there is no limit on the number of groups a
user
> > can be in at the same time.
>
> So if I would want to migrate a Windows NT fileserver to Linux/Samba I
> could roughly simulate the Windows ACLs if I would duplicate the
> NT domain groups as ACL groups and grant the access rights to these
> groups?
Right, if your samba does a real setuid (what some binaries do not). The
planned RSBAC to Samba integration should be able to automate this.
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list