Date: Wed, 7 Jan 2009 23:52:29 -0800 (PST)
From: david@lang.hm
To: Andi Kleen <andi@firstfloor.org>
cc: Michael Stone <michael@laptop.org>, linux-kernel@vger.kernel.org,
       netdev@vger.kernel.org
Subject: Re: RFC: Network privilege separation.
In-Reply-To: <20090108031042.GQ496@one.firstfloor.org>
Message-ID: <alpine.DEB.1.10.0901072350480.31038@asgard.lang.hm>
References: <1231307334-9542-1-git-send-email-michael@laptop.org> <87mye2yg8a.fsf@basil.nowhere.org> <20090108023111.GJ3164@didacte.laptop.org> <20090108031042.GQ496@one.firstfloor.org>
User-Agent: Alpine 1.10 (DEB 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1214
Lines: 27

On Thu, 8 Jan 2009, Andi Kleen wrote:

> On Wed, Jan 07, 2009 at 09:31:11PM -0500, Michael Stone wrote:
>>     -- if it's different from Joe User's regular uid, then where did it come
>>        from and how is Joe going to clean it up when he no longer needs it?
>
> You always create  joe-nonet one when you create joe
>
> Now writing to joe's files: you can either use ACLs or do everything
> through group accesses (it's very common to have a "joe" group for this
> purpose for each user)
>
> But perhaps it's a good idea to not allow writing to all of Joe's
> files by those "no network" processes too. It at least sounds like
> that might be useful to combine.

there are times when that would be nice, but it's also a bit of a pain to 
have to change the permissions so that joe-nonet can access all the files 
that joe can access (they will have to be set with the correct group 
ownership and hope that there wasn't a reason to use any other group)

David Lang
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/