Re: [netatalk-admins] when uid/gid == 0


From: Tan Chee Weei (ctan@pacific.net.sg)
Date: Tue Sep 15 1998 - 04:10:25 EDT


Anyone have any idea how it's handled on Apple's
fileserver when they were running AIX?

My initial thought was to have a uid/gid like nobody/nogroup
which no one is a member of and to have uid/gid set to these
for uid/gid=0. Like you said, can't chown to uid/gid 0 since
users are not a member of the group. afpd needs the ability to
setreuid/setregid to root and back to enable this. The
attraction here is the minimal amount of work required to
implement this solution. Using other methods to
"mark" such cases would require that all areas where
perms are checked and files/dir accessed are modified
to check for such markers. If such access functions
(all functions that depend on a file/dir's perms)
can be replaced by a set of user-defined ones that
check for such cases, then it'll make the maintenance
of the code much cleaner as right now, these are
scattered over several places. It'll actually be
a good exercise to consolidate them in any case since
these would allow netatalk to freely implement the mapping
of perms. It's probably a better solution but requires
more work. Now comes the question of the choice of
markers. The setuid/setgid bits have no counterpart in
AFP so they should be usable but those who share netatalk
directories with other Unix users and possibly Samba clients
may have a need for the bits.

CW
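
The "to root and back" step described in the message above, as an added example that is not part of the original post and is not netatalk code: the file is opened and checked as the user, and root is held only around a single fchown(). It uses seteuid() with a saved set-user-ID of 0 in place of the setreuid/setregid swap the post mentions; the helper name afp_disown and the placeholder IDs (65534) are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed placeholder IDs standing in for AFP uid/gid 0: IDs that own
 * nothing else and that no user is a member of. */
#define AFP_NONE_UID ((uid_t)65534)
#define AFP_NONE_GID ((gid_t)65534)

/* Hypothetical helper: hand a file the caller owns to the placeholder
 * owner and/or group. Returns 0, or -1 with errno set. */
int afp_disown(const char *path, int drop_owner, int drop_group)
{
    uid_t user = geteuid();
    uid_t uid = drop_owner ? AFP_NONE_UID : (uid_t)-1;  /* -1: leave as is */
    gid_t gid = drop_group ? AFP_NONE_GID : (gid_t)-1;
    struct stat st;
    int rc = -1, err;

    /* Open as the user, refusing symlinks, so the ownership check and
     * the chown both act on the same object (needs read access). */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0) {
        err = errno;
    } else if (st.st_uid != user) {
        err = EPERM;                    /* only the owner may give it away */
    } else if (seteuid(0) != 0) {
        err = errno;                    /* no saved set-user-ID of 0 */
    } else {
        rc = fchown(fd, uid, gid);      /* the only call made as root */
        err = errno;
        /* Drop back; never keep serving requests as root. */
        if (seteuid(user) != 0 || geteuid() != user)
            abort();
    }
    close(fd);
    errno = err;
    return rc;
}
```

For seteuid(0) to succeed, the server has to have started as root and switched to the logged-in user with seteuid() rather than setuid(), so that the saved set-user-ID is still 0.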



This archive was generated by hypermail 2b28 : Sat Dec 18 1999 - 16:33:17 EST