
Re: "Small" Bug - silly question again



Hi,

In one of your previous posts, you talked about a truly revolutionary thing
behind this whole discussion (it was id: nnsnxplvwi.fsf@sture.lysator.liu.se
in the previous chunk of this thread - sorry, I cannot reference two messages
:( ). It is the possibility for a user (and also several apps of a single
user?) to have more and different sets of gids and uids. If I understand
correctly, you were ultimately talking about using capabilities.

On Fri, Mar 17, 2000 at 03:33:15PM +0100, Niels Möller wrote:
> As a concrete example, say you want to limit write access to the file
> /games/nethack/lib/nethackdir/record to members of the group games.
> And that you, at the same time, want to grant read access to everybody
> but guests. How would you do that?

I think Hurd apps could do this by granting access to the particular
file through a special user (generated on the fly, or having it precoded?).
For the duration of the operation (saving the state of the game or changing
your password), the user -- or better: the app the user is using -- receives
the uid of this special user. After the modification is made/info
is read from the file, the permission vanishes. The user does not get
permission himself and permanently, just the particular process for the
particular operation. [Although I cannot imagine how this authentication of
the user+app+operation could take place...]

How do you feel about this? Could this lessen the need for having permanent
permission on critical files?

Thanks,
Zsombor

-- 
Zsombor Gergely
Junior Research Fellow					
Hungarian Academy of Sciences, Institute of Economics  | Phone: (36-1) 309-2659
P.O. Box 262, H-1112 Budapest, Hungary                 | Fax:   (36-1) 319-3136
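
Added example, not part of the original message and not Hurd code: the closest conventional POSIX analogue of the per-operation permission described above is privilege bracketing with the saved set-group-ID. It assumes a binary installed setgid to the group that owns the record file; the function names `open_as_group` and `drop_group_forever` are hypothetical.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Open path with the effective gid switched to file_gid only while open(2)
 * runs. Afterwards the effective gid is the real gid again; the returned
 * descriptor is the only access that outlives the bracket. */
int open_as_group(const char *path, int flags, gid_t file_gid)
{
    gid_t real = getgid();
    if (setegid(file_gid) != 0)      /* allowed only for the real or saved set-gid */
        return -1;
    int fd = open(path, flags | O_NOFOLLOW | O_CLOEXEC);
    int saved = errno;
    if (setegid(real) != 0)          /* never continue with the group still raised */
        abort();
    errno = saved;
    return fd;
}

/* After the last privileged operation: give up the saved set-gid as well,
 * so this process cannot regain the group. */
int drop_group_forever(void)
{
    gid_t real = getgid();
    if (setregid(real, real) != 0)
        return -1;
    return getegid() == real ? 0 : -1;
}

int main(void)
{
    gid_t games = getegid();         /* assumed setgid binary: egid is the file's group at exec */
    if (setegid(getgid()) != 0)      /* run unprivileged by default */
        return 1;
    /* Path taken from the quoted message; append-only access for one write. */
    int fd = open_as_group("/games/nethack/lib/nethackdir/record",
                           O_WRONLY | O_APPEND, games);
    if (drop_group_forever() != 0)
        return 1;
    if (fd < 0) { perror("record"); return 1; }
    if (write(fd, "constructed score line\n", 23) != 23) return 1;
    return close(fd) == 0 ? 0 : 1;
}
```

The permission here is tied to the installed binary rather than to a user+app+operation check, so it narrows the window in which the group is held but does not answer the authentication question raised in the message.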
   

