[9fans] service ACLs (Was: If hostid==uid, then /lib/ndb/auth is not checked.)

[9fans] service ACLs (Was: If hostid==uid, then /lib/ndb/auth is not checked.)

[Skip Tavakkolian]

there was this discussion a couple of years ago:

http://groups.google.com/group/comp.os.plan9/msg/95f16c28ea79fed3?

Presotto outlined some enhancements there.  has there been any work on
this?

this is critical for general resource sharing and computing grids.
without it, a lot of procedure is required to restrict access to some
services.

[9fans] Re: service ACLs (Was: If hostid==uid, then /lib/ndb/auth is not checked.)

[Dave Eckhardt]

> without it, a lot of procedure is required to restrict access to
> some services.

A couple more motivating examples:

* I don't really want random users to be able to cpu into my file
  server and (accidentally) run it out of RAM and swap--but I do
  want "certain people" (maybe even a group) to log in and do
  maintenance.

* If I have an auth server which is a standalone machine, I want
  very few people to be able to do *anything* to it.  This could be
  the same case as the file server, except that specifying a group
  (e.g., "sys") as defined by a file server on a different machine
  is going to be a little harder, right?

Dave Eckhardt