This is the mail archive of the mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: ntsec patch 1: uid==gid, chmod, alloc_sd, is_grp_member

On Fri, Nov 15, 2002 at 10:24:36AM -0500, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> >   chgrp 544 or 513 /var/empty
> > 
> > but that only works for default /etc/group files.
> 544 is still the best solution, IMHO. Let's take the long term view.

Yep.  But as far as I'm concerned we should drop that part of your
patch until I could update ssh.

> It's not a group_deny, it's an owner deny (which would go on top, so canonical
> order is OK here).

Oops, thick fingers...

> Also if the owner is not in the group when alloc_sd is called, and is placed
> in the group later, then the owner access mode of the file would change, which 
> isn't POSIX.
> Let's look at it from another angle: what is gained by going through the trouble
> of calling is_grp_member and possibly omitting the owner_deny?

Since is_grp_member() isn't that slow anymore, what does it hurt to
get the situation right in the first place?  I'm somehow more and more
convinced that this is just a matter of taste.

> The non canonical order is produced when the group has less permission 
> than everyone, which I agree is unlikely. 

Yeah, my mind was on another issue.  Time for weekend.

> It's 100% OK with me to give preference to being nice!

Ok.  I'm really sorry that I'm making your live that hard but I assume
you know that I'm just trying to find something as a best solution (if
that's at all possible).


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                      
Red Hat, Inc.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]