[cap-talk] Capabilities and LDAP (was Reducing Ambient user authority in a Type Safe /Memory Safe OS.)

Monty Zukowski monty at temboo.com
Sat Dec 19 19:49:44 PST 2009


On Fri, Dec 18, 2009 at 9:41 PM, Ben Kloosterman <bklooste at gmail.com> wrote:
> Monty, how do you map the capabilities to specific capabilities on each
> machine? E.g. let's say you're part of the LDAP sysadmins group, which gives you
> the right to install, stop and start device drivers and services on all
> machines. When a user is added to this LDAP group he gets the right, but how
> do you ensure this right is granted on Capability OS machines? Do you do
> it the same, i.e. have local groups with a certain set of rights, e.g.
> deviceManager and serviceManager, and add the LDAP group to the local group?
> However, this changes the concept of a local group from a capability list.

We're not working at the OS level; we're providing a cloud service
which allows people to create and run scripts on our servers.  Think
more in terms of managing access to databases and other data services.
The scripts are built with a visual editor, the language is our own
(and quite simple.)  Underneath we are running on Java, but our users
are never exposed to that level of detail.

Monty

