[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: supplementary groups question...
itschere@TechFak.Uni-Bielefeld.DE wrote:
>
> Bart Schuller wrote:
>
> > Yes: please don't change this behaviour, it's supposed to work this way.
> > It even has some advantages: you now have a very simple way to restrict
> > access to some files for a specific group; make the permissions rwx---r-x
> > and everyone in the same group as the file wil be denied access to it.
>
> Sh*t, looks like SUN-OS also behaves that way... :-(
Yes, it does. ;)
> Which kind of devil has ridden them to define *that* as official behaviour?
That was the behaviour I expected as read in a book about UNIX security.
The permissions are tested from left to right, if the user matches the
uid or gid, those permissions are used.
[SunOS 4.1.1]
/home/knarf> id
uid=100(knarf) gid=30(admin) groups=30(admin),0(wheel),8(uucp),100(user),\
101(xlib),102(connbeta),103(gmnibeta)
/home/knarf> ll testfile
-rw----rw- 1 tom xlib 0 Jun 23 20:00 testfile*
/home/knarf> more testfile
testfile: Permission denied
/home/knarf> ll testfile
----rw-rw- 1 knarf xlib 0 Jun 23 20:00 testfile*
/home/knarf> more testfile
testfile: Permission denied
> Now is it correct that this behaviour must be applied to any of the supp.
> gids, and thus maybe deny access if any of them matches, but has different
> permissions?
Seems to be correct.
Bye,
Knarf
--
Frank Bartels | UUCP: + 49 89 5469593 | MiNT is
knarf@nasim.cube.net | Login: nuucp Index: /pub/ls-lR.nasim.gz | Now TOS!