Re: User-manageable sub-ids proposals

From: Andreas Ferber (aferber@techfak.uni-bielefeld.de)
Date: Fri Dec 21 2001 - 16:28:47 EST


On Thu, Dec 13, 2001 at 11:36:16AM +0100, Romano Giannetti wrote:
>
> I was thinking about the idea of sub-ids to enable users to run "untrusted"
> binary or "dangerous" one without risk for their files/privacy.

Most parts of your proposal can be implemented in userspace, without
any kernel changes.

In fact, most parts /are/ already implemented, and only waiting to be
configured properly. It's called "sudo".

The only deficiency of the userspace only approach I see at the moment
is that you can't impersonate the slave user from the main user id
regarding to filesystem access. This can be worked around with proper
permissions if you take the "one group/one user" approach, all
slave users will have the main users group.

Andreas

-- 
       Andreas Ferber - dev/consulting GmbH - Bielefeld, FRG
     ---------------------------------------------------------
         +49 521 1365800 - af@devcon.net - www.devcon.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Dec 23 2001 - 21:00:25 EST