[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Groups in the alternative user solution

To: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
Subject: Re: Groups in the alternative user solution
From: Ivan Gyurdiev <gyurdiev@xxxxxxxxxx>
Date: Thu, 30 Jun 2005 12:06:28 -0400
Cc: Stephen Smalley <sds@xxxxxxxxxxxxx>, kmacmillan@xxxxxxxxxx, selinux@xxxxxxxxxxxxx
In-reply-to: <20050630155440.68314.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Organization: Red Hat Inc.
References: <20050630155440.68314.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: gyurdiev@xxxxxxxxxx
Sender: owner-selinux@xxxxxxxxxxxxx

> > I didn't understand the reasoning there either,
> > particularly as we
> > aren't dealing with the effective GID but the entire
> > authorized group
> > list for the user since we are only doing this once
> > at login/su time.
> 
> I hope this has clarified the group vs.
> group list confusion.

Yes, I understand how it would work.
What's not clear is why you want to match on group
list as opposed to matching on group membership alone.
How is that helpful to the sysadmin - seems awfully 
fragile. What happens to this file if I add the user 
to another group?




--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.

Follow-Ups:
- Re: Groups in the alternative user solution
  - From: Casey Schaufler

References:
- Re: Groups in the alternative user solution
  - From: Casey Schaufler

Prev by Date: Re: Groups in the alternative user solution
Next by Date: SELinux auditing and NISPOM Ch 8
Previous by thread: Re: Groups in the alternative user solution
Next by thread: Re: Groups in the alternative user solution
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilot Consulting.