Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Group to the list of items an Authenticate action can occur on #15

Merged
merged 1 commit into from
Jul 12, 2017
Merged

Add Group to the list of items an Authenticate action can occur on #15

merged 1 commit into from
Jul 12, 2017

Conversation

burnalting
Copy link
Contributor

Refer to issue #13

at055612
at055612 reviewed Jun 26, 2017
View reviewed changes
Copy link
Member

@at055612 at055612 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels to me more like Authorisation than Authentication. Once linux has established who is logging on it can authorise that identity against any groups/roles.

stroomdev10
stroomdev10 approved these changes Jun 26, 2017
View reviewed changes
Copy link
Member

@stroomdev10 stroomdev10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't currently log the Authorisation as a separate action, we log the action and the reason why it was allowed.

We use Authorise to model changes in Authorisation policies.

So I'm OK with this

@burnalting
Copy link
Contributor Author

burnalting commented Jun 26, 2017
edited

This activity is not Authorising a user to be added to a Group (ie AddGroups), that activity has already occurred, this is when the user Authenticates to the group (aka setgid and friends system calls). This is to parallel when one Authenticates to a user (aka setuid and friends). Basically a setgid() system call is a Authenticate event of type 'ElevatePrivilege' to the given Group (not user).

stroomdev66
stroomdev66 approved these changes Jul 12, 2017
View reviewed changes
Copy link
Member

@stroomdev66 stroomdev66 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This makes sense.

@at055612 at055612 removed the request for review from gcdev373 July 12, 2017 09:53
@at055612 at055612 merged commit 2711f25 into gchq:master Jul 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@at055612 at055612 at055612 approved these changes

@stroomdev66 stroomdev66 stroomdev66 approved these changes

@stroomdev10 stroomdev10 stroomdev10 approved these changes

Assignees
No one assigned
Labels
enhancement non-breaking-change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@burnalting @at055612 @stroomdev66 @stroomdev10