Re: "Small" Bug - silly question again
Hi,
In one of your previous posts, you talked about a true revolutionary thing
behind this whole Discussion (it was id: [🔎] nnsnxplvwi.fsf@sture.lysator.liu.se
in the previous chunk of this thread - sorry, I can not reference two messages
:( ). It is the possibility for a user (and also several apps of a single
user?) to have more and different set of gids and uids. If I understand well,
you were ultimately talking about using capabilities.
On Fri, Mar 17, 2000 at 03:33:15PM +0100, Niels Möller wrote:
> As a concrete example, say you want to limit write access to the file
> /games/nethack/lib/nethackdir/record to members of the group games.
> And that you, at the same time, want to grant read access to everybody
> but guests. How would you do that?
I think Hurd apps could do this by granting access to the particular
file through a special user (generated on the fly, or having it precoded?).
For the duration of the operation (saving the state of the game or changing
your password), the user -- or better: the app, the user is using -- receives
the uid of this special user. After the modification is made/info
is read from the file, the permission vanishes. The user does not get
permission himself and permanently, just the particular process for the
particular operation. [Although I can not imagine how this authentication of
the user+app+operation could take place...]
How do you feel about this? Could this lessen the need for having permanent
permission on critical files?
Thanks,
Zsombor
--
Zsombor Gergely
Junior Research Fellow
Hungarian Academy of Sciences, Institute of Economics | Phone: (36-1) 309-2659
P.O. Box 262, H-1112 Budapest, Hungary | Fax: (36-1) 319-3136
Reply to: