
Identifiers



Maybe something to think about if it's useful. VMS used to have the
concept of identifiers. Identifiers could be associated with rights on the
system, both rights to files and kernel rights. Identifiers could be given
to users at login and to installed images. I don't think we should bring
installed images back, because Linux has better mechanisms for sharing
code, but we could attach them to executables, kind of like SGID, but with
the ability to attach more than one, and you would not just set the
identifier but also the associated rights.

The big advantage IMHO is the ease of administration. If for example ping
and traceroute need the same rights you only need to create a single
identifier and attach that to both executables. If something changes in
the required rights you only need one change.

This would also allow controlled access to files and directories, i.e.
only certain programs can gain access to certain locations.

The use of identifiers or something similar would require some kernel
changes, the ACL code in ext2fs for one thing, but I think it can be done
without losing compatibility. Maybe a modification to group handling would
even suffice.

Ciao,

Hugo.

----------------------------------------------------------------
Hugo Van den Berg - h.vandenberg@nrcc.nl
Network Resource Consultants and Company BV
Plesmanstraat 62   3905 KZ  Veenendaal
Postbus 67         3900 AB  Veenendaal
Tel: +31 318 555 059 Fax: +31 318 517276
Visit us at http://www.nrcc.nl
----------------------------------------------------------------

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/
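
The scheme proposed in the message above, modelled as an added example that is not part of the original post and is neither VMS nor Linux kernel code. The `RightsDB` class, the identifier names (`NETDIAG`, `BACKUP`, `STAFF`), the right names, the user and the file paths are all constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RightsDB:
    """Toy model: identifiers carry rights; users and executables hold identifiers."""
    rights: dict = field(default_factory=dict)    # identifier -> set of kernel rights
    attached: dict = field(default_factory=dict)  # executable -> identifiers (several allowed)
    login: dict = field(default_factory=dict)     # user -> identifiers granted at login
    acl: dict = field(default_factory=dict)       # file -> {identifier: set of access modes}

    def process_identifiers(self, user, exe):
        # A process holds the union of its user's and its executable's identifiers.
        return set(self.login.get(user, ())) | set(self.attached.get(exe, ()))

    def kernel_rights(self, user, exe):
        # Rights are looked up through identifiers, never stored per executable.
        held = set()
        for ident in self.process_identifiers(user, exe):
            held |= self.rights.get(ident, set())
        return held

    def may_access(self, user, exe, path, mode):
        # File access is granted only through an ACL entry naming a held identifier.
        entries = self.acl.get(path, {})
        idents = self.process_identifiers(user, exe)
        return any(mode in entries.get(i, ()) for i in idents)


def build_example():
    db = RightsDB()
    # One identifier shared by both network diagnostic tools (constructed names).
    db.rights["NETDIAG"] = {"raw_socket"}
    db.attached["/bin/ping"] = ["NETDIAG"]
    db.attached["/usr/sbin/traceroute"] = ["NETDIAG"]
    # An identifier that carries no kernel rights and is used only in a file ACL.
    db.attached["/usr/bin/backup"] = ["BACKUP"]
    db.acl["/var/backup"] = {"BACKUP": {"read", "write"}}
    db.login["alice"] = ["STAFF"]
    return db


if __name__ == "__main__":
    db = build_example()
    print(db.kernel_rights("alice", "/bin/ping"))
    db.rights["NETDIAG"].add("bind_low_port")  # one change, both tools affected
    print(db.kernel_rights("alice", "/usr/sbin/traceroute"))
    print(db.may_access("alice", "/bin/ping", "/var/backup", "read"))
```
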