((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
James Dennis
jdennis at law.harvard.edu
Sat Feb 15 06:51:00 EST 2003
> Maybe something like Apache's "Satisfy"-directive would be a
> solution (http://httpd.apache.org/docs/mod/core.html#satisfy),
> e.g.
>
> SatisfyAllow all -> user must be in both AllowGroup and AllowUsers
>
> SatisfyAllow any -> user must be in AllowGroup or AllowUsers or
> both
Great idea! What does everyone else think?
>
> I don't know if "either" as a third option would make sense, i.e.
> do not allow access if the user is in both AllowGroup and
> AllowUsers.
Wouldn't either be the same as any?
--
James Dennis
Harvard Law School
"Not everything that counts can be counted,
and not everything that can be counted counts."
More information about the openssh-unix-dev
mailing list