
Re: gids assigned non-deterministically



On Tue, 10 Oct 2006 15:08:29 +0200
Gabor Gombas <gombasg@sztaki.hu> wrote:

> On Tue, Oct 10, 2006 at 11:33:43AM +0200, Tim Dijkstra wrote:
> 
> > Hmm, pam_group doesn't sound too secure to me... what if on one machine
> > gid 110 is www-data and on another plugdev. Then if a user logs in on the second
> > machine it will get access to gid 110, make some suid executable, which on 
> > another machine ...
> 
> This can't happen. Groups are _not_ transferred over remote login.

Of course not, that's the whole point. If you dynamically allocate
system groups and dynamically make users members of groups, you can get
a mess if they both write to an NFS-mounted volume. A file that is owned by
group 110 can be group www-data on one and plugdev on the other.

> New
> files are owned by the user's primary group, and _not_ by the
> supplemental groups (and I really hope you do not want to use 'plugdev'
> etc. as the primary group for any real user...)

That's not an argument; someone can just 'chown :plugdev' something.

grts Tim
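The check a practitioner would want before sharing an NFS export between hosts that allocate system gids dynamically is to compare each host's /etc/group and flag any numeric gid that resolves to a different name on different machines (exactly the gid 110 = www-data on one, plugdev on the other case above). The script below is an added example, not part of this thread or of pam_group; the two /etc/group excerpts are constructed sample data, and it assumes you have already copied each host's /etc/group somewhere you can read it (e.g. with scp).

```python
"""Find gid/name mismatches between the /etc/group files of several hosts.

Added example for the thread above, not part of the original mail.
Numeric gids are what travels over NFS; names are local to each host, so a
file owned by gid 110 on the share means a different group on each client if
the hosts assigned system gids in a different order.
"""

# Constructed sample /etc/group excerpts (not real hosts).
HOST_A_GROUP = """\
root:x:0:
www-data:x:33:
plugdev:x:110:tim
users:x:100:
"""

HOST_B_GROUP = """\
root:x:0:
www-data:x:110:
plugdev:x:46:tim
users:x:100:
"""


def parse_group(text):
    """Parse /etc/group-format text into {group_name: gid}.

    Blank lines, comments and malformed entries are skipped; a line is
    name:password:gid:members, of which only name and gid are used.
    """
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue
        try:
            groups[fields[0]] = int(fields[2])
        except ValueError:
            continue
    return groups


def gid_conflicts(a, b):
    """Return sorted (gid, name_on_a, name_on_b) for gids that name
    different groups on the two hosts. These are the dangerous ones: an NFS
    file owned by that gid grants access to a different group per host."""
    by_gid_a = {gid: name for name, gid in a.items()}
    by_gid_b = {gid: name for name, gid in b.items()}
    return [
        (gid, by_gid_a[gid], by_gid_b[gid])
        for gid in sorted(set(by_gid_a) & set(by_gid_b))
        if by_gid_a[gid] != by_gid_b[gid]
    ]


def name_conflicts(a, b):
    """Return sorted (name, gid_on_a, gid_on_b) for group names present on
    both hosts but with different numeric gids (e.g. 'chown :plugdev' on
    host A writes a gid that host B does not consider plugdev)."""
    return [
        (name, a[name], b[name])
        for name in sorted(set(a) & set(b))
        if a[name] != b[name]
    ]


def resolve_gid(groups_by_host, gid):
    """Show what each host would call a numeric gid found on the NFS share.
    Hosts with no group for that gid map to None."""
    result = {}
    for host, groups in groups_by_host.items():
        names = [name for name, g in groups.items() if g == gid]
        result[host] = names[0] if names else None
    return result


def main():
    a = parse_group(HOST_A_GROUP)
    b = parse_group(HOST_B_GROUP)
    for gid, na, nb in gid_conflicts(a, b):
        print("gid %d is '%s' on hostA but '%s' on hostB" % (gid, na, nb))
    for name, ga, gb in name_conflicts(a, b):
        print("group '%s' is gid %d on hostA but gid %d on hostB" % (name, ga, gb))
    print("NFS file owned by gid 110 resolves to:",
          resolve_gid({"hostA": a, "hostB": b}, 110))


if __name__ == "__main__":
    main()
```

Against real systems, replace the sample strings with the contents of each host's /etc/group; any row from gid_conflicts is a gid you must not use for group-owned files on a shared export until the gids are made consistent (static gids in the package's postinst, or a central directory such as LDAP/NIS).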
