Previously Manoj Srivastava wrote:
> Traditionally, UNIX has not been in the practice of
> automatically adding users to groups, and I think we need to be
> careful if we decide to break from universal practice.

A problem is that it simply isn't possible to do it securely currently, which is why unices have not done this. The standard attacks are creation of sgid shells as mentioned and starting a long-running process that keeps an open filehandle on a device long after a user has logged out and another logged in.

The possible solutions have all been discussed years ago and at that point we decided to wait until the kernel got a revoke system call which closes all open filehandles on a file. Using that one can chown a device to the currently logged in user, and chown it back and revoke all open filehandles on logout.

If we need to choose between chown and group member my vote would be for chown, for two reasons:

* it is slightly more secure since it does not create the option for the users to create sgid executables
* while this does not allow multiple users on a physical machine (it breaks if another user logs in on another virtual console) I doubt this is a problem for standard machine usage

It is slightly more fragile than group membership though:

* it breaks if a user logs in on two consoles and then logs out on one of them since that will generally leave him without access to the device
* if the machine crashes, loses power or otherwise shuts down the devices will be left with the wrong owner. This can be fixed in a boot-time script of course.

Wichert.

-- 
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
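The open-filehandle problem described in the message above, as an added example that is not part of the original post: it shows that a descriptor opened while access was granted keeps working after access is withdrawn, and gives a logout-time check for processes that still hold the file open. It assumes Linux with /proc mounted; the temporary file is a constructed stand-in for a device node, and the names `holders` and `demo` are hypothetical.

```python
import os
import tempfile


def holders(path):
    """Return sorted PIDs that have `path` open, found via /proc/<pid>/fd (Linux)."""
    want = os.stat(path)
    key = (want.st_dev, want.st_ino)
    found = set()
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = f"/proc/{pid}/fd"
        try:
            fds = os.listdir(fd_dir)
        except OSError:            # process exited, or not ours and we are not root
            continue
        for fd in fds:
            try:
                st = os.stat(f"{fd_dir}/{fd}")   # follows the link to the open file
            except OSError:
                continue
            if (st.st_dev, st.st_ino) == key:
                found.add(int(pid))
    return sorted(found)


def demo():
    """Show that a descriptor opened before access is withdrawn keeps working."""
    fd, path = tempfile.mkstemp()        # constructed stand-in for a device node
    try:
        os.write(fd, b"sample")
        os.chmod(path, 0)                # the "logout" step: take access away again
        os.lseek(fd, 0, os.SEEK_SET)
        still_readable = os.read(fd, 6)  # permissions were checked at open() only
        return still_readable, holders(path)
    finally:
        os.close(fd)
        os.unlink(path)


if __name__ == "__main__":
    data, pids = demo()
    print("read through old descriptor:", data)
    print("processes still holding it open:", pids)
```

Run as root from a logout hook, `holders("/dev/...")` lists every process on the system that would keep its access to the device after the ownership is changed back; run as an ordinary user it only sees that user's own processes.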

