On Tue, Nov 16, 2004 at 11:58:24AM +1100, [EMAIL PROTECTED] wrote: > On Tue, Nov 16, 2004 at 10:21:00AM +1100, Phil Scarratt wrote: > > [ .. ] it wasn't as simple to answer as I thought. The question: can a > > group be > > listed as a member of another group? > > No they can't (you're right) > > It's one thing that w______ has over linux/unix. > That said, there are number of ways to get the > effect that you want -- depending on exactly you > want. > > Restrictive parent dir perms, ACLs ...
Is it possible to do it with LDAP as your user database? My recollection is that the various modules that make the pwent stuff work with LDAP allow you to specify arbitrary database queries to determine the answer to questions like "am I in this group?". Is it possible to mangle those queries to an extent that multiple levels of grouping could be encapsulated in LDAP group objects and through judicious use of magic it could be made to operate as if the single group relationship was multi-layered? Not perfect by any means, but it'd probably be passable for file permissions and similar. James. -- "Now, there are no problems only opportunities. However, this seemed to be an insurmountable opportunity." - http://www.surfare.net/~toolman/temp/diagram.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
