Re: gids assigned non-deterministically
On Tue, 10 Oct 2006 15:08:29 +0200
Gabor Gombas <email@example.com> wrote:
> On Tue, Oct 10, 2006 at 11:33:43AM +0200, Tim Dijkstra wrote:
> > Hmm, pam_group doesn't sound to secure to me... what if on one machine
> > gid 110 is www-data and on another plugdev. Then if a user logs in on the second
> > machine it will get access to gid 110, make some suid executable, which on
> > another machine ...
> This can't happen. Groups are _not_ transferred over remote login.
Of course not, that's the whole point. If you dynamically allocate
system groups and dynamically make users members of groups. You can get
a mess if they both write to a nfs mounted volume. A file that is owned by
group 110 can be groups www-data on one and plugdev on the other.
> files are owned by the user's primary group, and _not_ by the
> supplemental groups (and I really hope you do not want to use 'plugdev'
> etc. as the primary group for any real user...)
That's not an argument someone can just 'chown :plugdev' something.