Re: gids assigned non-deterministically

To: debian-devel@lists.debian.org
Subject: Re: gids assigned non-deterministically
From: Petter Reinholdtsen <pere@hungry.com>
Date: Tue, 10 Oct 2006 11:49:39 +0200
Message-id: <[🔎] 2fl3b9wts98.fsf@saruman.uio.no>
References: <[🔎] 20061009141645.GA24697@miami.connexer.com> <[🔎] 20061009193906.GE17348@p12n.org> <[🔎] 20061010093656.70d5e49d@orfeo.nikhef.nl> <[🔎] 20061010092026.GE7416@boogie.lpds.sztaki.hu> <[🔎] 20061010113343.050f03af@orfeo.nikhef.nl>

[Tim Dijkstra]
> Hmm, pam_group doesn't sound to secure to me... what if on one
> machine gid 110 is www-data and on another plugdev. Then if a user
> logs in on the second machine it will get access to gid 110, make
> some suid executable, which on another machine ... Well the nfs
> mount is nosuid, but still, I find this a bit scary.

You are right.  The groups in use on an NFS mounted directory should
be the same across all machines.  So you should avoid making any files
with those gids on NFS-exported file system.

Friendly,
-- 
Petter Reinholdtsen

Reply to:

References:
- gids assigned non-deterministically
  - From: "Roberto C. Sanchez" <roberto@connexer.com>
- Re: gids assigned non-deterministically
  - From: Peter Samuelson <peter@p12n.org>
- Re: gids assigned non-deterministically
  - From: Tim Dijkstra <newsuser@famdijkstra.org>
- Re: gids assigned non-deterministically
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Re: gids assigned non-deterministically
  - From: Tim Dijkstra <newsuser@famdijkstra.org>

Prev by Date: Re: gids assigned non-deterministically
Next by Date: Re: [Debian Installer] General release plan for RC1
Previous by thread: Re: gids assigned non-deterministically
Next by thread: Re: gids assigned non-deterministically
Index(es):
- Date
- Thread