Hi,
On Sun, Mar 12, 2017 at 12:54 AM, Key Offecka wrote:
>
> if the user (the real user, not the effective one) is root then permission
> check is successful
> else
> if the user owns the resource then permission check is successful
> else
> if the user belongs to
Hi,
> You did mention "sudo" a couple of times
Yes, I did. And maybe even more times, but I never told about extra rights
obtained by a user just because of sudoing.
> You keep talking about "first" and "second" user, in order to have these
you must switch user by some means
And I told you, in
Hi,
On Sat, Mar 11, 2017 at 7:50 PM, Konstantin I.
wrote:
> Hi,
>
> > Nope. Via "sudo", the first user is allowed to execute certain commands
> on behalf of the second, not the other way around.
>
> I didn't say "via sudo"
>
You did mention "sudo" a couple of times. You
Hi,
Nope. Via "sudo", the first user is allowed to execute certain commands on
behalf of the second, not the other way around.
I didn't say "via sudo"
I said: the second user (`ghost` in this example) is authorised to act on
behalf of `echo`.
How it's done is irrelevant. You mentioned
Hi,
The requirement here is that the second user (`ghost` in this example) is
> authorised to act on behalf of `echo`.
>
Nope. Via "sudo", the first user is allowed to execute certain commands on
behalf of the second, not the other way around. During this, the second
user doesn't have any access
Hi Egmont,
> What do you mean the tty owner is the _problem_? What kind of problem?
Please excuse me, I wasn't quite correct there.
Let's forget about permissions and TTYs. Let's look at the issue from the
user point of view. Please consider this case:
There is a user, say `echo` and there is
Hi,
> All you say about vcs* sounds reasonable, unfortunately according to the
code, the tty owner is the problem.
What do you mean the tty owner is the _problem_? What kind of problem?
I believe it's not the _problem_, it's the piece of information we rely on
to figure out if cons.saver is