This is the mail archive of the cygwin-developers@cygwin.com mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Corinna or Pierre please comment? [jason@tishler.net: Re: setuid()problem when disconnected from PDC under 1.3.12-2]

Corinna,

On Mon, Jul 15, 2002 at 11:07:33AM +0200, Corinna Vinschen wrote:
> So, basically the current implementation is more correct than the old
> implementation.  I don't see how to make it better.

But, the current implementation causes sshd and cron to fail for domain
users when their server is disconnected from its PDC.  IMO, this is not
good.

> [snip]
> 
> We *could* change it this way to succeed more often:
> 
>   GetPDC();
>   if (has_pdc)
>     {
>       get_domain_groups_of_account();
>       get_local_groups_of_account();
>       if (!has_primary_group)
> 	get_primary_group_of_account();
>     }
>   if (!has_primary_group)
>     get_primary_group_from_etc_passwd();
>   get_supplementary_groups_from_etc_group();
> 
> 
> That could leave you with a somewhat restricted token, though.

I haven't fully evaluated the above ramifications, but IMO, some
relaxation of the current implementation is needed.

What do others think?

Thanks,
Jason
Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]