ntsec patch 1: uid==gid, chmod, alloc_sd, is_grp_member
Fri Nov 15 09:06:00 GMT 2002
On Fri, Nov 15, 2002 at 10:24:36AM -0500, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > chgrp 544 or 513 /var/empty
> > but that only works for default /etc/group files.
> 544 is still the best solution, IMHO. Let's take the long term view.
Yep. But as far as I'm concerned we should drop that part of your
patch until I could update ssh.
> It's not a group_deny, it's an owner deny (which would go on top, so canonical
> order is OK here).
Oops, thick fingers...
> Also if the owner is not in the group when alloc_sd is called, and is placed
> in the group later, then the owner access mode of the file would change, which
> isn't POSIX.
> Let's look at it from another angle: what is gained by going through the trouble
> of calling is_grp_member and possibly omitting the owner_deny?
Since is_grp_member() isn't that slow anymore, what does it hurt to
get the situation right in the first place? I'm somehow more and more
convinced that this is just a matter of taste.
> The non canonical order is produced when the group has less permission
> than everyone, which I agree is unlikely.
Yeah, my mind was on another issue. Time for weekend.
> It's 100% OK with me to give preference to being nice!
Ok. I'm really sorry that I'm making your live that hard but I assume
you know that I'm just trying to find something as a best solution (if
that's at all possible).
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Developer mailto:firstname.lastname@example.org
Red Hat, Inc.
More information about the Cygwin-patches