((AllowUsers || AllowGroups) && !(AllowUsers && AllowGroups))
James Dennis
jdennis at law.harvard.edu
Sat Feb 15 07:56:37 EST 2003
I've thought about this a bit more and have changed my mind. I think
everything should just be kept very simple to avoid apache-like
configuration madness. Maybe Thomas's idea?
If user is in denyusers
deny
if user is in allowusers
allow
report error if user is in both
if user's group is in denygroups
check status of either/and flag
either and is in allowusers
allow
and
deny
if user's group is in allowgroups
check status of either/and flag
either
allow
and
is in allowusers
allow
else
deny
report error if group is in both
--
James Dennis
Harvard Law School
"Not everything that counts can be counted,
and not everything that can be counted counts."
More information about the openssh-unix-dev
mailing list