|
|
Subscribe / Log in / New account

The trouble with dropping groups

The trouble with dropping groups

Posted Nov 20, 2014 11:37 UTC (Thu) by knan (subscriber, #3940)
In reply to: The trouble with dropping groups by smurf
Parent article: The trouble with dropping groups

Yes, but a negative-access group is the traditional unix way. I've seen it too in hosting cases. Dropping this will certainly lead to compromises.

to post comments

The trouble with dropping groups

Posted Nov 20, 2014 23:37 UTC (Thu) by gerdesj (subscriber, #5446) [Link]

It wouldn't even occur to me to attempt this. ACLs are surely the way to go for filesystems. Your posited "Unix way" reminds me of the Inherited Right Filter in NetWare filesystems - a shortcut to madness.

I note that Novell ended up putting in an override in the filesystem so that having certain eDirectory rights to the object corresponding to the root of a volume (they are pinned as objects in the directory) would override an IRF thus always ensuring someone could get to files to fix fuck ups. Bit like root really ...

I have always been able to design filesystem layouts for user data that only needed additive rights. It only needs some thought and let's face it, real ACLs have been around for a while. The old days of just rwxrwxrwx are long gone.

Cheers
Jon


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds