Re: Filesystem Capabilities in 2.6?

Michal Jaegermann (michal@ellpspace.math.ualberta.ca)
Sun, 3 Nov 2002 13:35:28 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Nicholas Wourms: "Re: Petition against kernel configuration options madness..."
Previous message: Roman Zippel: "Re: [kconfig] Survival of scripts/Menuconfig?"
In reply to: Dax Kelson: "Re: Filesystem Capabilities in 2.6?"

On Sun, Nov 03, 2002 at 12:16:02AM -0700, Dax Kelson wrote:
>
> Speaking of user 'nobody', modern best practices (and shipped vendor
> configuration) strongly discourages lumping everything under 'nobody'.
>
> Each app should run in its own security context by itself. That is why
> I have all the following users in my /etc/passwd:
>
> apache nscd squid xfs ident rpc pcap nfsnobody radvd gdm named ntp

As a side issue each of these "users", or most of them, has likely also
its own group and one needs also few groups for other purposes. Seems
like the next potential point to bump into a numbers of groups barrier
although probably most of these does not need to be shared. Still if
this will become a part of a widely used security mechanisms there could
be extra demands on memberships.

Michal
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nicholas Wourms: "Re: Petition against kernel configuration options madness..."
Previous message: Roman Zippel: "Re: [kconfig] Survival of scripts/Menuconfig?"
In reply to: Dax Kelson: "Re: Filesystem Capabilities in 2.6?"