Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!yetti!geac!daveb
From: daveb@geac.UUCP (Dave Brown)
Newsgroups: comp.unix.wizards
Subject: Re: UNIX classified operation - (nf)
Message-ID: <903@geac.UUCP>
Date: Sat, 11-Jul-87 12:15:58 EDT
Article-I.D.: geac.903
Posted: Sat Jul 11 12:15:58 1987
Date-Received: Sun, 12-Jul-87 13:52:56 EDT
References: <175@uw-apl.UUCP> <8300007@iaoobelix.UUCP> <1110@rayssd.RAY.COM> <1894@oliveb.UUCP>
Reply-To: daveb@geac.UUCP (Dave Brown)
Organization: The little blue rock next to that twinkly star
Lines: 17

In article <1894@oliveb.UUCP> jerry@oliveb.UUCP (Jerry F Aguirre) writes:
>The /dev/mem and /dev/kmem entries are another area that should have
>similar protection.  On 4.3BSD they are mode 640 with a group of "kmem".
>This allows programs like "ps" to be set group id to kmem instead of
>set uid to root.

In general, it is better to have a few groups who "own" particular
resources than have every type-manager program use setuid root.  If
you create several hundred groups, though, you can expect to see a
performance problem (:-)

 
-- 
 David (Collier-) Brown.              |  Computer Science
 Geac Computers International Inc.,   |  loses its memory
 350 Steelcase Road,Markham, Ontario, |  (if not its mind)
 CANADA, L3R 1B3 (416) 475-0525 x3279 |  every 6 months.