[rsbac] ACLs and Samba

Amon Ott ao at rsbac.org
Tue Apr 29 19:01:29 MEST 2003

On Tuesday, 29. April 2003 17:58, Michael Bode wrote:
> Amon Ott <ao at rsbac.org> writes:
> > The reason is that the standard Unix group administration is insecure: It 
> > usually only depends on an uncontrolled editing of a file (/etc/group), 
> > the superuser root can assign any group to a process.
> > 
> > Additionally, the ACL groups can be private or global, each user can have 
> > individual set of them and there is no limit on the number of groups a 
> > can be in at the same time.
> So if I would want to migrate a Windows NT fileserver to Linux/Samba I
> could roughly simulate the Windows ACLs if I would duplicate the
> NT domain groups as ACL groups and grant the access rights to these
> groups? 

Right, if your samba does a real setuid (what some binaries do not). The 
planned RSBAC to Samba integration should be able to automate this.

http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list