[Toolserver-l] an idea
River Tarnell
river at loreley.flyingparchment.org.uk
Thu Aug 27 16:30:33 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Fahad Sadah:
> Out of interest, how would these limited rights be implemented?
using a set of small, secure setuid programs i would write for the
purpose.
we can't use sudo because there's no way to say "allow this user to run
kill as root as long as he's only killing a user process". furthermore
we would want to make sure the user sends an explanation to the user
whose process was killed.
we can't use MySQL permissions because there's no way to let a user view
all threads except the replication thread (which could expose private
data).
we can't use Solaris RBAC (pfexec) for the same reason as sudo.
however, RBAC _does_ allow fine-grained privileges (unlike sudo), and we
could use RBAC to implement authorisation to use the setuid utilities.
however, i won't do it this way because then it wouldn't work on Linux,
which doesn't support RBAC.
- river.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (HP-UX)
iEYEARECAAYFAkqWtKkACgkQIXd7fCuc5vJLYgCguggvSPRO9dC+cZfLVbCHTASM
ntQAninpoNMN3qrcZZJz88dr900y3gCI
=ng/P
-----END PGP SIGNATURE-----
More information about the Toolserver-l
mailing list