
Re: gids assigned non-deterministically



On Tue, Oct 10, 2006 at 11:33:43AM +0200, Tim Dijkstra wrote:

> Hmm, pam_group doesn't sound too secure to me... what if on one machine
> gid 110 is www-data and on another plugdev. Then if a user logs in on the second
> machine it will get access to gid 110, make some suid executable, which on
> another machine ...

This can't happen. Groups are _not_ transferred over remote login. New
files are owned by the user's primary group, and _not_ by the
supplemental groups (and I really hope you do not want to use 'plugdev'
etc. as the primary group for any real user...)

Even newgrp does not work with groups granted by pam_group (more
precisely, newgrp asks for the group's password, but system groups
should always be locked). So I see no way to transfer a locally granted
group to another machine.

On the other hand, it is true that you should never create files owned
by local uids/gids on shared storage.

Gabor

-- 
     ---------------------------------------------------------
     MTA SZTAKI Computer and Automation Research Institute
                Hungarian Academy of Sciences
     ---------------------------------------------------------
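As an added example (not part of the thread above), a check for the last point of the reply: it compares /etc/group snapshots taken from the hosts that mount a share and flags files on that share whose owning gid sits in the system-group range but names a different group on different hosts. The host names, gid range and group snapshots are constructed for the example.

```python
import os

# Debian's default range for dynamically allocated system groups such as
# plugdev or www-data (assumption: adduser defaults, adjust to your site).
SYSTEM_GID_RANGE = (100, 999)

# Constructed /etc/group snapshots from two hosts that mount the same share.
GROUP_HOST_A = "root:x:0:\naudio:x:29:tim\nwww-data:x:110:\n"
GROUP_HOST_B = "root:x:0:\naudio:x:29:\nplugdev:x:110:tim\n"

def parse_group_db(text):
    """Map gid -> group name from /etc/group text (name:passwd:gid:members)."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 4 and not line.startswith("#"):
            mapping[int(fields[2])] = fields[0]
    return mapping

def scan_gids(root):
    """Collect (path, gid) for every file below root, not following symlinks."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            found.append((path, os.lstat(path).st_gid))
    return found

def flag_ambiguous_gids(entries, group_dbs, system_range=SYSTEM_GID_RANGE):
    """Return (path, gid, {host: name}) for files owned by a system gid whose
    name is missing on, or differs between, the hosts' group databases."""
    lo, hi = system_range
    findings = []
    for path, gid in entries:
        if not lo <= gid <= hi:
            continue  # user gids from NIS/LDAP are expected to be consistent
        names = {host: db.get(gid) for host, db in group_dbs.items()}
        if len(set(names.values())) > 1:
            findings.append((path, gid, names))
    return findings

if __name__ == "__main__":
    dbs = {"hostA": parse_group_db(GROUP_HOST_A),
           "hostB": parse_group_db(GROUP_HOST_B)}
    sample = [("/srv/share/upload.cgi", 110), ("/srv/share/song.ogg", 29)]
    for path, gid, names in flag_ambiguous_gids(sample, dbs):
        print(f"{path}: gid {gid} means {names}")
```

On a real share, replace the constructed sample with `scan_gids("/srv/share")` and the snapshots with each host's actual /etc/group.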
