From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dave Eckhardt To: 9fans@cse.psu.edu In-Reply-To: <18f0c3eef73be073daa4321ac3a66ad2@9netics.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <23741.1156005160.1@piper.nectar.cs.cmu.edu> Date: Sat, 19 Aug 2006 12:32:40 -0400 Message-ID: <23742.1156005160@piper.nectar.cs.cmu.edu> Subject: [9fans] Re: service ACLs (Was: If hostid==uid, then /lib/ndb/auth is not checked.) Topicbox-Message-UUID: a4304d7c-ead1-11e9-9d60-3106f5b1d025 > without it, a lot of procedure is required to restrict access to > some services. A couple more motivating examples: * I don't really want random users to be able to cpu into my file server and (accidentally) run it out of RAM and swap--but I do want "certain people" (maybe even a group) to log in and do maintenance. * If I have an auth server which is a standalone machine, I want very few people to be able to do *anything* to it. This could be the same case as the file server, except that specifying a group (e.g., "sys") as defined by a file server on a different machine is going to be a little harder, right? Dave Eckhardt