[Tfug] Ideas for handling group based allow/deny permissions?
Shanmugam, Girishan
shanmugam-g at bizlab.tamu.edu
Thu Jun 24 09:48:41 MST 2004
howdy,
Normally yes, iptables is a many-to-one filter, but it is possible to specify
destination ports in the iptables rule. So it's possible to perform port
redirection based on source IP address/ports of the incoming packets... making
it a many-to-many filter? I was just thinking of this as an analogy:
IPTABLES----------------------->USER/GROUP permissions application
destination ports ------------->destination files / documents
source ip address/ports-------->groups
targets(ACCEPT/DROP)----------->read,write, execute
Implementing :-) is a different dimension, but I thought this is how it might
solve the problem :).
--Girishan
-----Original Message-----
From: tfug-bounces at tfug.org on behalf of Choprboy
Sent: Wed 6/23/2004 8:04 PM
To: Tucson Free Unix Group
Cc:
Subject: Re: [Tfug] Ideas for handling group based allow/deny permissions?
On Wednesday 23 June 2004 15:51, Shanmugam, Girishan wrote:
> howdy,
> It sounds a lot to me like iptables packet filtering rules, would that be a
> model to build on?
> -Girishan
>
Yeah, I'll have to think about how to implement something like that, but I'm
still not sure how to implement it or how it would solve the problem. I
originally discarded that at the start as I thought of an iptables solution
as a many-to-one filter (i.e. there are lots of different IPs/source ports
out there, you filter locally on a single port or source) and the user-groups
document-groups problem as a many-to-many filter. But maybe I'm mistaken
about that... I'll have to ponder that a bit more.
Adrian
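Added example, not part of the original thread: a minimal sketch of the analogy discussed above, where an ordered, first-match rule chain maps user groups (the "source") and document groups (the "destination") to an ALLOW/DENY target with a default policy. All names (Rule, check, the sample groups and documents) are hypothetical, and the sample chain is constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch

ALLOW, DENY = "ALLOW", "DENY"

@dataclass(frozen=True)
class Rule:
    group: str        # user-group pattern; plays the role of source IP/port
    doc: str          # document-group pattern; plays the role of destination port
    perms: frozenset  # subset of {"read", "write", "execute"}
    target: str       # ALLOW or DENY; plays the role of ACCEPT/DROP

def check(chain, user_groups, doc_groups, perm, policy=DENY):
    """Walk the chain in order; the first matching rule decides.

    A user may be in several groups and a document in several document
    groups (the many-to-many case). If no rule matches, the default
    policy applies, like a chain policy in iptables.
    """
    for rule in chain:
        if perm not in rule.perms:
            continue
        if (any(fnmatch(g, rule.group) for g in user_groups)
                and any(fnmatch(d, rule.doc) for d in doc_groups)):
            return rule.target
    return policy

ALL = frozenset({"read", "write", "execute"})

# Constructed sample chain. Order matters: the explicit DENY for
# contractors sits above the ALLOW for accounting, so it wins for a
# user who is in both groups.
CHAIN = [
    Rule("contractors", "finance", ALL, DENY),
    Rule("accounting", "finance", frozenset({"read", "write"}), ALLOW),
    Rule("*", "public", frozenset({"read"}), ALLOW),
]

if __name__ == "__main__":
    print(check(CHAIN, {"accounting"}, {"finance"}, "write"))
    print(check(CHAIN, {"accounting", "contractors"}, {"finance"}, "read"))
    print(check(CHAIN, {"staff"}, {"finance"}, "read"))
```

Using DENY as the default policy means a request that matches no rule is refused, so a missing rule fails closed.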