Re: Securelevel bitmap patch

Gerhard Mack (gmack@imag.net)
Mon, 30 Mar 1998 12:36:45 -0800 (PST)


On Mon, 30 Mar 1998, Andrej Presern wrote:

[snip]
> Notice that in a true capability model /etc/passwd is just another
> object, same as (for example) your ~/.profile, so you could as well let
> the _users_ create their own execute_~_.profile capability and delegate
> it to other users (and even their own processes, selectively that is).
> Careful observers have probably already noticed that this model is
> clearly superior to any form of ACLs since having a capability is
> sufficient for the process to be granted the desired access. Besides
> being very flexible, this model also simplifies and speeds up a lot of
> things, and - considerably improves security.

This can be done by creating a group, and playing with chmod. I do this on
my system already. I'll bet you can go even farther with suid and some
dummy users. This is all userspace stuff.

Gerhard

--
Gerhard Mack
gmack@imag.net
innerfire@starchat.net

As a computer I find your faith in technology amusing.
